Extracted

• • Target

    f6cf1cab4deb2e0c7f51aa2a632d88992f1e348be5b83b98684283daf0a3d7e8N

  • Size

    594KB

  • MD5

    ec7ada80d5d59dc9573a1e88fceda380

  • SHA1

    bc16fe10386779dad3fa68d8778d3b770ef0b551

  • SHA256

    f6cf1cab4deb2e0c7f51aa2a632d88992f1e348be5b83b98684283daf0a3d7e8

  • SHA512

    36c6166405ea873fa51a68f4422494c402d71bd0aba89ea0dc473d73ec8a97c0803512f8aef4135fc106038580451210d869ef85d3189688edf2f45ac93ea777

  • SSDEEP

    12288:2CTksllSkJd8xYV0SDYYyYnIVdXgM9zGk9wx4GsTrQIJ4ZOiqcKS:nlbJ0/S0YMpzOaUXZy

  Score

  10^/10

  vidar0b3bd69430b7d827b107ba2ed809207dcredential_accessdiscoveryspywarestealer

  • Detect Vidar Stealer

    stealer

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Vidar family

    vidar

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2