vidar

Sharing

Copy URL

Twitter E-mail

General

Target

Unlock_Tool_2.1.4.rar
Size

43.6MB
Sample

241010-s777patbmc
MD5

2b2703d9d8e0da4bc2c26370e2d624fc
SHA1

f9f40a4a08bdada3340fd2e17cfce6636bde1858
SHA256

c63f72dc40e17b31486055aff99b830a3a565614bd8c09f709a161a1733f1377
SHA512

67f039b085ad245e9b65a79650ed859bd678191f63a5ca2066944c6493171cdbc73bfefa963b1aed51e64ba9d7855d6694f1c5002e42f294142106bfdf950ae6
SSDEEP

786432:rjpxxuwfK3496BUGbDwF+CUGvf4+dQj8Y8ogajZOh+YFJVnmO61BL18:rjcwfK3bih/f4EpRoCJFJG1BL+

Score

10^/10

Malware Config

Extracted

Family

vidar

Version

11.1

Botnet

23a142269e47ce1692ccc9fb68473bc2

https://steamcommunity.com/profiles/76561199786602107

https://t.me/lpnjoke

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Targets

- Target
  
  LICENSE.html
- Size
  
  6.3MB
- MD5
  
  6e638956244aaded2c92b77f9d421a81
- SHA1
  
  f5269556b6fe04cfca5a1da21af718641708a666
- SHA256
  
  652457f1b5ec60a81c8aff095366bcc068402c21eb380ba8286366bc4e9a029e
- SHA512
  
  f0e173761a6acd13b6c1b5eb896c361487a770a54f1842ffaa80c8ff780b37a1e801169786776c4afa7d9c75cd968dbaddabff082de55cf75cc4f9d871d08bc1
- SSDEEP
  
  24576:nPVZ5W5WS95zHIlGMmfu626s6W6a6q5AHOeQDph:SMn
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  Unlock_Tool_2.1.4.exe
- Size
  
  593KB
- MD5
  
  4e6b4807bf9282c074e0242e978ba716
- SHA1
  
  d207de2b5199957faba2835a291dc6ae17e1d98e
- SHA256
  
  5f5039f0ba15ceece070d87486aca31e680fb7afdd5bcf26bc0a17fe15644672
- SHA512
  
  135c6a56dd2ef58f68de0a302c73cc3b5ae27a6d6a4c26e1b5aa7d2a5f436ff5ffe4ac0aaba75276de6ed1a69d5ef115a35569b19bb4798f32c04e6adc341cd0
- SSDEEP
  
  12288:5mRd4QbSrUv0NT3Mj7epnxedyNTOWEgzlaBKLqebx59h+OGRXi+GYQETEO:URG53nsdG6Wlzlao7bx5H+xlUBmt
Score

10^/10

vidar 23a142269e47ce1692ccc9fb68473bc2 credential_access discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  lesseeVariant/modules.dll
- Size
  
  907KB
- MD5
  
  dc05f0b8f1a32e872721d3486e6332b8
- SHA1
  
  dbf055b0f934640fadcfaa93971fead8df7a3869
- SHA256
  
  37ec5f998a5c376d4fcd4342b43a4163d1f043e0f7711e46677cd30013882723
- SHA512
  
  0f89d713237ef11a1ef8d824ad9767bb13fb4f5f334acdd65af0ba6e54cec4a910398636683254b3fe4d46a069a1781187313684ff827a907b8b968134f6efa0
- SSDEEP
  
  24576:z0OY4ZFajHYDTR2yfVbf+c6Z5WODYsHh6g3P0zAk75:z0CZFaj4HR2yfVbd6Z5WODYsHh6g3P03
Score

1^/10
behavioral5 behavioral6
- Target
  
  locales/resources/Data/Managed/Unity.Postprocessing.Runtime.dll
- Size
  
  141KB
- MD5
  
  a75ea867f8f13ad7e081f64c2407c66b
- SHA1
  
  1a46a9ba7a024d91774a56190157683599443747
- SHA256
  
  8bb91dcd3aff282bd37804adcaab5a6a0337695570909eb83d88e5900007be87
- SHA512
  
  43a4de663a1f54826348ba24a6dd1beec996a59d194ee10d17c8fb0ff55430fa727a05b1c5377603c13e45b738bbef76435dc1859b0a5709fa9bae979a24c236
- SSDEEP
  
  3072:mGxexnpaRblPXA5oOoSpM+k/slzP5kH/cJAr:m7wPYF/p0KqcJ
Score

1^/10
behavioral7 behavioral8
- Target
  
  locales/resources/Data/Managed/Unity.RenderPipelines.Core.Runtime.dll
- Size
  
  180KB
- MD5
  
  ada7730ee67447a643a760b5324283b6
- SHA1
  
  5f246cd1a5859d1c21da052e4a8cdba545ef0ab0
- SHA256
  
  b42119b70c05796d19617774336d8fd7cf988aa3d0fda6946edc68368bdd6a6f
- SHA512
  
  5d33a1ed872396b284c1253e8b9098a96f81e316c82170b3589fbd9b1c29f59dd107d6700d963df0056b390887bcbc4d0cc983209df81e7096be89e7680b4a18
- SSDEEP
  
  3072:/WsIlcGLwg9B8NiTR3QYCFGNEnbU06oM2GPtZvKxZfzXBLFJoS:XQwgIkN3RbXoM2GPtSzXBLFJo
Score

1^/10
behavioral10 behavioral9
- Target
  
  locales/resources/Data/Managed/Unity.RenderPipelines.Lightweight.Runtime.dll
- Size
  
  59KB
- MD5
  
  b4bf1c91fc65a1fd3723ffb34ebf8d10
- SHA1
  
  795c1092026f121e4738f946a601834656503c76
- SHA256
  
  f8ed3296a5b654fe27d27c0d613555acaafcb707cecc7d391f02c114cbf852c8
- SHA512
  
  e8cf1c805f58907ee27f128029dffd153ccaff6f532d0204741216e026b614558a4395d9543172872fbdb49c9052adf99ae9aad1aaf1a16bae5bfa5b5751fb41
- SSDEEP
  
  1536:E7GBI73Zw+OrbMe23xtet71WRhZBvwcfxz4oJE:Bc3Zwd/MjLZBxcCE
Score

1^/10
behavioral11 behavioral12
- Target
  
  locales/resources/Data/Managed/Unity.TextMeshPro.dll
- Size
  
  308KB
- MD5
  
  54b9fd4d5e1abcefbc692b4384761b82
- SHA1
  
  a8f2235ba53960ed071bc7ec91fd818d2957eef2
- SHA256
  
  08e99be19807deabf798bb8e97a9ceab23472e01e43aa8a505a8656bc21a4f4b
- SHA512
  
  3a40a42da77f35b0bc064518d21d28b3033676dcfb9fd369333722894f4d84668b3f6eaf7738d89ac0cb7f5354e817e0b9af0c55de3056e516ef18250879b216
- SSDEEP
  
  6144:Up+2Fn9DbBieSSd+39YPKlTfw9SIbPNJrZKCGeeZoF0:U82FnxBi/S832PKlTvIbPNFV
Score

1^/10
behavioral13 behavioral14
- Target
  
  locales/resources/Data/Managed/UnityEngine.AIModule.dll
- Size
  
  38KB
- MD5
  
  9e8d7a9b34a223e383e79ac89d6ba2be
- SHA1
  
  f43b425d6eb9a395f021bb3b463f062fa7aa4f21
- SHA256
  
  0fdc7eacd631c4ded5b75e92c9b98b56cd13f063f2ea2b7ce7dad4a437f63597
- SHA512
  
  d8c2947512c69495bf3e61bab2ca2ba65a300895ffcb3fbe5ba593861d92b8c14f600f73ff1fe4776961a96faa273c471159000a9228ce378b49b7f2453d9422
- SSDEEP
  
  768:OYouZ7+t8Dz26iicuE/roMMLmMkBdaZBxVIqu2WhsieochdV2:OWFm8Dz26iiR6/e5W4hhr2
Score

1^/10
behavioral15 behavioral16
- Target
  
  locales/resources/Data/Managed/UnityEngine.ARModule.dll
- Size
  
  21KB
- MD5
  
  2695ae3d4a27b71c9d8a19b97c47e79f
- SHA1
  
  d7bf4cbe69839efbfea32995ec1616fedc295db5
- SHA256
  
  3598c5eb22d7afe3c738df4d019f835e67bc6724351bd69fdf106ad55feec126
- SHA512
  
  60e0145de99462f79fb77f707d57e56a99f25b9da68a9162af901be7d19b8ad7b1de84d7c44a6a4f4d77e3b720fe56f3f1a0e10a284f02a812eb6d12bfa9ff4b
- SSDEEP
  
  384:5Ny1fGJeg0A9CNRiA2As2rZMo8fiujw/vVP7NuLk+J0lcK9cjQ:5xJL4p2AsMMoNujIJ7cLkwi59n
Score

1^/10
behavioral17 behavioral18
- Target
  
  locales/resources/Data/Managed/UnityEngine.AccessibilityModule.dll
- Size
  
  8KB
- MD5
  
  4999281ea43d709ab2681403566a53c2
- SHA1
  
  3a1b77ddfdcc09546b90a7ca805201a2e3ffbfcc
- SHA256
  
  7428c07ede130108151834313b87d55573b3cc8024afd86f3a0c7650be662275
- SHA512
  
  384eec39addffc37ffb750e8b3ce2ff5b4e7e0fbe3b10d148487a336d49187b7051606eb839be471a73db5c0954bc6bd6e29ee5b347216b26a0b25ddf7144c91
- SSDEEP
  
  96:GIDqgHuhhZeBwktZmkLt12K/Yz0eOcVxO+v0Sk03AHaLcjZCQm0SL:rqNZYFLbo0VDa3AycjGL
Score

1^/10
behavioral19 behavioral20
- Target
  
  locales/resources/Data/Managed/UnityEngine.AnimationModule.dll
- Size
  
  127KB
- MD5
  
  3c75b3d624d27e6495dd64516d6dc878
- SHA1
  
  07e39edd3ec3531e296f1e6771398da999b35eaa
- SHA256
  
  068233dddd8087276937162311fec8e44fb4f8cc351c6d716a5b8878915e44bd
- SHA512
  
  0f20bbb606d89ede57fbfe578044629fd71435f21dbeaa594731b202a3be3e2af86c6423686491fb64a2244119fd5035bba1f682955172d7852ca305f4b865e4
- SSDEEP
  
  3072:NGCb/SJfRG7zyvwiAk4LXvdedHI35GIynL432S9pEm2bb:M6/cvyk4LXvdedo3Q3nL432S9pEm
Score

1^/10
behavioral21 behavioral22
- Target
  
  locales/resources/Data/Managed/UnityEngine.AssetBundleModule.dll
- Size
  
  15KB
- MD5
  
  c06cc346c6b711a2722ea0a63dece486
- SHA1
  
  2035e7d0c24b72d4b20f3477ed7de644ff8d676b
- SHA256
  
  d5a3bde4e5e979646fb00f20f524270172b6e51365b9abed1a0172e8cc77f650
- SHA512
  
  d71126e0211ffde85edb0777b6434b208268c9b2204026c2a102bd88577337915165b6ef362859f79520ffc4376ddaeb01404a1100ea6f5468087778000cbf75
- SSDEEP
  
  192:x0MKavB+BggRRwxqx8F+cmCWXvFc864MV6fiJ+5WyBcIAe1ciEUzvXSgdttd47fT:pe8kcmCWXvT7MIjvrcj/
Score

1^/10
behavioral23 behavioral24
- Target
  
  locales/resources/Data/Managed/UnityEngine.AudioModule.dll
- Size
  
  53KB
- MD5
  
  3b8c0b887d976d5e77c4d93255a2a0de
- SHA1
  
  c0406b81ee95b994f3a2f674ab7d82da2fe75abc
- SHA256
  
  76c31d2db844f13e1cbcc92285c6cb8eb1a3d0cab73e16c2e799b0fc52b779cb
- SHA512
  
  89ea417e17090839e071c3e499423c93ddbf0c01bca5a51a1e32440e9c4e31c4b8c4412377ba50873c82be77f615cf961fb2dd26c186761499381f031b061a54
- SSDEEP
  
  768:DPYmE0gfl7aMW+mIzTQ2xwb/ferBv2I2+751+Ek028:E0fMW+mkKTer11+EkX8
Score

1^/10
behavioral25 behavioral26
- Target
  
  locales/resources/Data/Managed/UnityEngine.BaselibModule.dll
- Size
  
  5KB
- MD5
  
  c1a66ab6d190d11f7c5d16da582e809a
- SHA1
  
  333edd61f9ce3d633d8fc3be79d838fcdd9c94ad
- SHA256
  
  92023ef1a965a661932386d0857e0c0da669a2fea5a3c964daac5559d547a6ee
- SHA512
  
  5b898f343bc8d9d1f06fe9a1101513eb18b538abd1d737975f0120ea76881a53ae00837f1f72ab25ea10a0bfcb375613551f1a611e3b1d0978b0a67e54e972b3
- SSDEEP
  
  48:6NS+LyYUJinKQr0D5SaTByEV33aLcjinqnqC5gOPul+0Y/ZI:mLlUJlQ8aLcjA0Iw0Y/
Score

1^/10
behavioral27 behavioral28
- Target
  
  locales/resources/Data/Managed/UnityEngine.ClothModule.dll
- Size
  
  11KB
- MD5
  
  cf5fe12221b147e8d365887879e10719
- SHA1
  
  9b33e2e288509c43f462280c6eef5008179d7296
- SHA256
  
  bf4a02a48f25e67adaba9f73d8ac9746e1a0ecf3e5ef05afcf355de25e846ea7
- SHA512
  
  d1d03c551debccc3c00b3db8a9ae56517d364fb8207e43c7f23c9a28bbd6b52766113affd7366d37084f7066b76c8e0842abdb8aa75d48410ccd0b79f6796ce1
- SSDEEP
  
  192:06AtDEv401l3yYXI3G4y3ssQOJz4EzmSPedJFRft9K8xnvWUcj+Z:065v4011yqI24y3ssQ24EDedJFR3K8xR
Score

1^/10
behavioral29 behavioral30
- Target
  
  locales/resources/Data/Managed/UnityEngine.CloudWebServicesModule.dll
- Size
  
  5KB
- MD5
  
  9fca86f7191b02389ad172f40cfc262d
- SHA1
  
  e68df1c3d26351c952b4172ac899e145e963a58c
- SHA256
  
  5ea741dea103ce91687eb93dd6a72b748bd6f01c00813fbdbb1708b038fd9865
- SHA512
  
  7d91ecd5755fb113f91d7897bd32596698b67714fda8a60594c4455b8b0cfabd619a1d77f783870577f62cf331af648bd8fdfd4d5a55b1683d2f4f5625c987a2
- SSDEEP
  
  48:6XFFeTYUJinK7ar04F54TByEV33aLcjinqnEwE+OPulLi0XINxI:ueUUJluiaLcjAKE2xi0XIN
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect Vidar Stealer

Downloads MZ/PE file

Loads dropped DLL

Unsecured Credentials: Credentials In Files

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32