Extracted

• • Target

    9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04

  • Size

    1.2MB

  • MD5

    2f79684349eb97b0e072d21a1b462243

  • SHA1

    ed9b9eeafc5535802e498e78611f262055d736af

  • SHA256

    9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04

  • SHA512

    4d94ae4633f3bf489d1bc9613fc6028865064ec98f73b5e9e775f08ff55d246daeddce6a4a0a013a9d05e65edc726768c397d0382e5c35352144b5338d6467d3

  • SSDEEP

    24576:9piXI12TyeC5m71MsNon4J0t1TBUV1E1HP9yjy3anIPXD:9pYaeC52KsNgFtxBUvWIaaKz

  Score

  10^/10

  vidarcredential_accessdiscoveryspywarestealer

  • Detect Vidar Stealer

    stealer

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Vidar family

    vidar

  • Downloads MZ/PE file

  • Uses browser remote debugging

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer

  • Loads dropped DLL

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Suspicious use of SetThreadContext

  behavioral1behavioral2