Extracted

• • Target

    2025-02-23_cba4bf1654641324c4e5d9330fc2735e_frostygoop_poet-rat_snatch

  • Size

    5.2MB

  • MD5

    cba4bf1654641324c4e5d9330fc2735e

  • SHA1

    4a87cc85746493b98aebf3cc295318313bc903bb

  • SHA256

    7dd4a3ac242a31c1a219425fe25659875eb247286b1826597d6c82679d588f6c

  • SHA512

    8906c8957edcc725be4f247b6caff1e9e0f04139931eca42bc5780b640a3a856d9d8ae333b3b239e18cd298f5cf521c76167622d7220650c6af65bbdea86af7a

  • SSDEEP

    49152:8l2I+TsDdNum6TfbV+/74e1HOiiI1qCRzecn5EZ8AoFVWkjDH4P1EKLR1Ic201oL:8YI+T8XqfbVy4IuilzfzHhc2PFn

  Score

  10^/10

  vidarcredential_accessdiscoveryspywarestealer

  • Detect Vidar Stealer

    stealer

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Vidar family

    vidar

  • Uses browser remote debugging

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Suspicious use of SetThreadContext

  behavioral1behavioral2