File: Hdx-home-beta-windows.zip ...

hdx-home-beta.exe (or similar executable inside the archive).
Classification: Trojan / Infostealer.
Common Families: RedLine Stealer or Vidar.

3. Infection Vector

The malware typically spreads through:

The file is frequently identified in cybersecurity research and sandboxing environments as a container for malware, specifically associated with RedLine Stealer or Vidar Stealer campaigns. It is often disguised as a legitimate beta version of virtualization software (like Citrix HDX) to trick users into executing it.

It checks for the presence of debuggers, sandboxes, or virtual machines (VMs). If detected, it may terminate to avoid analysis.

B. Data Harvesting (Infostealing)

The malware scans the local system for:

Check %AppData% or %LocalAppData% for randomly named folders containing .sqlite or .txt files (logs of stolen data).

Change all passwords from a different, clean device, focusing first on email and financial accounts.

Targets browser extensions like MetaMask or desktop wallets (e.g., Atomic, Exodus).

Upon extraction and execution of the contents within the ZIP file, the following stages typically occur:

Use hardware keys or app-based authenticators for all sensitive accounts.