Extracted

Extracted

• • Target

    ts.js

  • Size

    4KB

  • MD5

    ed3b56e4275b4a0ed7b7b0b7bd7461c6

  • SHA1

    404efc9a3c6be253546f9ad0cc6b61df5efbf091

  • SHA256

    848296488fd185d3621c274420d9e59b974734234ec4e420bc11820f26c732a6

  • SHA512

    7bc3684177b1ec80b3e7895522f29996a706a3215314307726c9ecaab65b5525936725bf41d876fdd575e9dd583d6cc1e02ca9fed2988418d4cf33fb8d3f208a

  • SSDEEP

    96:dCkwnKuF0idLODzNXkv6YxiMjip1PDpmMjDqVoV7bKD8Ngr:fwndTdCDz1SLxixp1PPjD9btNgr

  Score

  10^/10

  vidarcredential_accessdiscoveryexecutionspywarestealer

  • Detect Vidar Stealer

    stealer

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Vidar family

    vidar

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Uses browser remote debugging

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1