Extracted

• • Target

    365a1d7527a31e7a51ec56f48baaab3b50b3d1a07989824b04deb1a1670b54cc.exe

  • Size

    1.5MB

  • MD5

    ecfaf71c4aebf2a54d73f101d7fc5af7

  • SHA1

    b7757c667c42b91b6cd892728b78296d30d86fe2

  • SHA256

    365a1d7527a31e7a51ec56f48baaab3b50b3d1a07989824b04deb1a1670b54cc

  • SHA512

    1fd87904b5d74cb4de4462588842b450723872479fecc5ab23afe2c65985fd0441c16ebd2ab831594bef9c6e421b689eeb7b7aa37f377a30cb55f336c6bc9ba9

  • SSDEEP

    49152:NOcxhqLzoQG2+52hpvZh9QjIVlqUGN87N:NOKcvdGeFhiglqUQ8h

  Score

  10^/10

  vidarhu76fadiscoverystealer

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Vidar family

    vidar

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Enumerates processes with tasklist

    discovery
  behavioral1behavioral2