General

  • Target

    Unlock_Tool_2.1.2.exe

  • Size

    597KB

  • Sample

    241009-rlt79s1cre

  • MD5

    bb13b2bc0a171b39858b4b545f9c1fd6

  • SHA1

    2a0f691c710de90f94430e44ae2cf402706cb079

  • SHA256

    292e9cdee0da60b05e921597c477809714053a5a1989cca9eb8693bd6cdf2f53

  • SHA512

    fcd2e26503bd53000b030464cfeb9eed602629a7cc1e4d5af4bdefb8dde712003b8176253f473a45cd26ba4c4e751481d3d1755066264211885434ea5bb3fbe6

  • SSDEEP

    12288:ToBfQ63FVy4GeT7spsUdGVPvXbj6b9HX7x8Z8o0KLICLdNjqFqHN64fwETEO:To1z3FtT7msUdUPvX0Hrx8p0iLdNjq8h

Malware Config

Extracted

Family

vidar

Version

11.1

Botnet

23a142269e47ce1692ccc9fb68473bc2

C2

https://steamcommunity.com/profiles/76561199786602107

https://t.me/lpnjoke

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Targets

    • Target

      Unlock_Tool_2.1.2.exe
    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext
