Extracted

• • Target

    2024-10-30_6dc517f58f112adcdd3cfae606a67964_poet-rat_snatch

  • Size

    6.2MB

  • MD5

    6dc517f58f112adcdd3cfae606a67964

  • SHA1

    b59f74642e963111027613ce0206ca77aec06fda

  • SHA256

    2a559ce1ff609781226319d7f57d6c8cf32487bd87bb796ea43ee015aa104a73

  • SHA512

    6f04ac98d9ea1eb203d2b93e9ff9f02a26b2ff61a4afc61b47f5d7f6260a80bc085fbc24c97c43407651c231156f468d4fe00cb152e64c6be948fed6b19f4ed8

  • SSDEEP

    98304:cTiMEvjmzKewwsZ2XoCx7fR+Q6VCKrUk:iiMEaI24C1UQszrU

  Score

  10^/10

  vidarcredential_accessdiscoverystealerspyware

  • Detect Vidar Stealer

    stealer

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Vidar family

    vidar

  • Downloads MZ/PE file

  • Uses browser remote debugging

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer

  • Loads dropped DLL

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Suspicious use of SetThreadContext

  behavioral1behavioral2