General

  • Target

    Unlock_Tool_5.4.rar

  • Size

    43.4MB

  • Sample

    240910-ml5xjs1cjd

  • MD5

    5fba775cb42b239db284435557ca2670

  • SHA1

    eaf7de8539014666548f56ed1395729652a4eb3f

  • SHA256

    cb091b4adbc8ee8f4475c7f8c6ca42fabb2604d00a994c1beb6e13667beddb92

  • SHA512

    fcb5f6e4f60d376d9e12362bec44de2ca9a58b3a0e4b3aec1dfe707d500090643824664abce32bb0fcc6bab7fdd25cc5dee32bcd41435f16b0baca7c5d8297ae

  • SSDEEP

    786432:y6aNRNa/U5rj/fZr3dc3BDp9WiTSjKiHz77WXn7ep7wlWkCQF:y6aNRk/UhLZr3dunWuSjHHz7aXn7ep7m

Malware Config

Extracted

Family

vidar

C2

https://t.me/edm0d

https://steamcommunity.com/profiles/

Attributes

  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0

Targets

    • Target

      Unlock_Tool_5.4.exe

    • Size

      272KB

    • MD5

      24915a555d666fa45c37055e92209c6a

    • SHA1

      ff984a32bdeaedabd58ac73789a761a41d70d919

    • SHA256

      cb147eeb8e847e44e1d7794c2d3b518abf65c9b7fca9647693d2f4e27b7e112e

    • SHA512

      94edae4675967caa827acd0aafb4ec8ebcecc138652bec31baaf59235f433cb84762ef9ed6e1a17d0159130517eac15373154c932964d2e6ee1d398a43728b20

    • SSDEEP

      6144:e4EY8l7Wb4RLNpPxu2lalO3SXlDdqlYfOIJYLkkdMuJu4:/A9Q4ZLlH6XwoJ0pGuM

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on the Arkei stealer.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar profile data.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks