Extracted

Extracted

• • Target

    data-Setup.7z

  • Size

    116.3MB

  • MD5

    3152ed0815d3eb095c6e9c8469d99b77

  • SHA1

    addf193abcafc1d6099b787ae7be873c79b4f365

  • SHA256

    b99fa29a917eb26f7dd60427f9d4e261e95e06354e570b0e7f7c759672b9ebe7

  • SHA512

    b7eae4d1cd9c6c3edce37f2601e1f3528689d459c1780558a17ccaa770d189f6413f6b51105dac595d3afb9d95a28c24b7e5a7d0bdcdfd3cb1788fe672e918b4

  • SSDEEP

    3145728:+bjzx3kP0uuE0SWwn8lkUXljGeHS4RG9MGbVOKHntLCJCIXrd:Yz9kP0ut0Pwno1jGeySG9JVgJCIXrd

  Score

  7^/10

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral1behavioral2

• • Target

    data-Setup/Setup.exe

  • Size

    44KB

  • MD5

    f86507ff0856923a8686d869bbd0aa55

  • SHA1

    d561b9cdbba69fdafb08af428033c4aa506802f8

  • SHA256

    94f4fd6f2cb781ae7839ad2ee0322df732c8c7297e62834457662f8cde29dcbb

  • SHA512

    6c1c073fc09498407b2c6b46d7a7e04c2db3c6f8d68c0dc0775211864c4508c48c2bd92e3849dc3805caacc856f9e31e1eea118661a55f526bfa61638f88c3da

  • SSDEEP

    384:RozxIpl4504JaAystntGecMJ6gjpS1BO2NjrLVXjW9VBhKigecicWwnWzYDTFu:Rg04PGeZQG2NDVXjWLu1imL

  Score

  10^/10

  vidarir7amcredential_accessdiscoveryexecutionspywarestealer

  • Detect Vidar Stealer

    stealer

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Vidar family

    vidar

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Downloads MZ/PE file

  • Uses browser remote debugging

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer

  • .NET Reactor proctector

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral3

• • Target

    data-Setup/data/7za.dll

  • Size

    284KB

  • MD5

    a608e5fb266a10174235da5c6d396769

  • SHA1

    85526701342f9db479578d08a3599cec2e8be321

  • SHA256

    a05490eea8ce1484cd15302c65803414ee7227fcbdf1a1ed2d4243f583f957df

  • SHA512

    9e4f4c45e5be9faa7c754dc646213d3a7eb862b9fade96437f285c7d571b96fc3577e12f3768ae88902c52bda2ac3d1976adc32e7145766ea66c50af303efdd5

  • SSDEEP

    6144:Rm3x2iT42LpOe4+5r7R/nV+yqwBey/M6Yijgzj9Pq7MXJzS/8aN:Rm3x2ik2LF1fIEM6GP9C7MRa

  Score

  3^/10

  discovery
  behavioral4behavioral5

• • Target

    data-Setup/data/7za.exe

  • Size

    828KB

  • MD5

    426ccb645e50a3143811cfa0e42e2ba6

  • SHA1

    3c17e212a5fdf25847bc895460f55819bf48b11d

  • SHA256

    cf878bfbd9ed93dc551ac038aff8a8bba4c935ddf8d48e62122bddfdb3e08567

  • SHA512

    1ab13e8e6e0ca4ca2039f104d53a5286c4196e930319c4fe374fa3bf415214bb7c7d2a9d8ca677a29c911a356cca19a1cecae16dd4bf840bce725f20de4c8ff2

  • SSDEEP

    24576:b82Iz/8J9oDionNtypHq6geLmUB1HXBxCbx5MwRv8:bBYUzoDtiqELmW6nR8

  Score

  3^/10

  discovery
  behavioral6behavioral7