Extracted

• • Target

    cf68dcc6ab0c65e51eee046cba5cad4081a9b0404fa8c6f53d527da4ee3a47d2

  • Size

    1.3MB

  • MD5

    0adeff966650db425eabf0e5e2199e63

  • SHA1

    f81823795fee0ff544a9f4cf0912cf9df601917e

  • SHA256

    cf68dcc6ab0c65e51eee046cba5cad4081a9b0404fa8c6f53d527da4ee3a47d2

  • SHA512

    7d9965c0ffe141ad0c967aefbb717c2563abffdd405e05e0c388257723f579c793e457d3e99707045de6b63a49b19f741814b046f14789b87948d93b42a596a3

  • SSDEEP

    12288:D919DmlrB8JkPVErm6zbim+E1dQovuKefj2blZ:DHdmld8JkPVErTbEEJvBQibl

  Score

  10^/10

  vidar41604d9c3f33ad83bf3b768afb4d23d5credential_accessdiscoveryspywarestealer

  • Detect Vidar Stealer

    stealer

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2