Extracted

• • Target

    link.txt

  • Size

    139B

  • MD5

    b158f6f6f236146dbb84f01382f7b288

  • SHA1

    6044e94429a90711f51626f628a3a9d51d4afd60

  • SHA256

    ac87f8dd3c4ffb6ebfebe7e23be8ec298263cb5103bdd180e156997db328c85c

  • SHA512

    9f52cd6d10066c7033c239494c513698ada42881768d23ad52785a3f787c53bbaafbc51e66806753e7b104c5d23c2a46eeed6d4740b5a0a9420bbbed85edefe9

  Score

  10^/10

  vidar8b94a7bcafb394a6cda231fd95b94a68credential_accessdiscoveryspywarestealer

  • Detect Vidar Stealer

    stealer

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Vidar family

    vidar

  • Downloads MZ/PE file

  • Uses browser remote debugging

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1