Extracted

Extracted

• • Target

    test.ps1

  • Size

    1KB

  • MD5

    6816f3334a46e8ff14edd35a88fbd2bf

  • SHA1

    3680ed31cf3c03b9db142d2feefe0b4a546930e2

  • SHA256

    5233534a5ec895ebc0061424784dbd967f9eba299375e00db31e7d9f976c6ef7

  • SHA512

    66300062b53b298c6a58a2d793b3b47e5c0cd65aed06ed794ac6d1e4258390ee75b9ff5c9f245db7b689d6e2e1cba4980ebd6984df311d2c5df1d5e9ff8f1863

  Score

  10^/10

  executionvidarcredential_accessdiscoverystealer

  • Detect Vidar Stealer

    stealer

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Vidar family

    vidar

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Uses browser remote debugging

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2