General

  • Target

    Unlock_Tool_2.1.7.rar

  • Size

    43.6MB

  • Sample

    241015-mmn1eszbmh

  • MD5

    5c3466d93ef29f3902dc1f4e3d12b764

  • SHA1

    d7f1f8761e26324580f0e5be985268ac76c56853

  • SHA256

    87da38c9d074d01908ba1629bfc4fd2473664a89e2d300ed5c9825b30efa5580

  • SHA512

    3e4ce54ddcd3510ef44be5600ace87e95706f2e6f34c6c40722392c66d4b85fb5e7d0bf041a414cc75d7d039f6b1107a107659562f6e9dbc51e106080d58d352

  • SSDEEP

    786432:BOC4buygl9f4j4zVCsYzQ2CHGGkA65swR+g9uu5xorWxxpiM:kPvS487kA6524+JM

Malware Config

Extracted

Family

vidar

Version

11.1

Botnet

23a142269e47ce1692ccc9fb68473bc2

C2

https://steamcommunity.com/profiles/76561199786602107

https://t.me/lpnjoke

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Targets

    • Target

      LICENSE.html

    • Size

      6.3MB

    • MD5

      6e638956244aaded2c92b77f9d421a81

    • SHA1

      f5269556b6fe04cfca5a1da21af718641708a666

    • SHA256

      652457f1b5ec60a81c8aff095366bcc068402c21eb380ba8286366bc4e9a029e

    • SHA512

      f0e173761a6acd13b6c1b5eb896c361487a770a54f1842ffaa80c8ff780b37a1e801169786776c4afa7d9c75cd968dbaddabff082de55cf75cc4f9d871d08bc1

    • SSDEEP

      24576:nPVZ5W5WS95zHIlGMmfu626s6W6a6q5AHOeQDph:SMn

    Score
    3/10
    • Target

      Unlock_Tool_2.1.7.exe

    • Size

      624KB

    • MD5

      1beffbcac74ae319dfbe01d15ff47e43

    • SHA1

      f80113b669a0c7e4a099b24d3ddfd8f438221a3f

    • SHA256

      4585e6cdb4eb5a3124793b630097969a1dc125373f8f40fd1964960eeb3a7897

    • SHA512

      d48df850f82352f02182f1773ca6a26e54898123fdcc098f0f04873070baaa0b887f0314446778fa8e3290e4e57c9c2d3d9dafbf869342c2337cbc58a1ea51c4

    • SSDEEP

      12288:UsSlnbfaUYu6og6b+bVw+sIKToZLVgTkIW/wTo+2KHZEO:JSxbyP0g8+bPRvZpgTzAwTo+2K5t

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

    • Target

      lesseeVariant/modules.dll

    • Size

      907KB

    • MD5

      dc05f0b8f1a32e872721d3486e6332b8

    • SHA1

      dbf055b0f934640fadcfaa93971fead8df7a3869

    • SHA256

      37ec5f998a5c376d4fcd4342b43a4163d1f043e0f7711e46677cd30013882723

    • SHA512

      0f89d713237ef11a1ef8d824ad9767bb13fb4f5f334acdd65af0ba6e54cec4a910398636683254b3fe4d46a069a1781187313684ff827a907b8b968134f6efa0

    • SSDEEP

      24576:z0OY4ZFajHYDTR2yfVbf+c6Z5WODYsHh6g3P0zAk75:z0CZFaj4HR2yfVbd6Z5WODYsHh6g3P03

    Score
    1/10
    • Target

      locales/resources/Data/Managed/Unity.Postprocessing.Runtime.dll

    • Size

      141KB

    • MD5

      a75ea867f8f13ad7e081f64c2407c66b

    • SHA1

      1a46a9ba7a024d91774a56190157683599443747

    • SHA256

      8bb91dcd3aff282bd37804adcaab5a6a0337695570909eb83d88e5900007be87

    • SHA512

      43a4de663a1f54826348ba24a6dd1beec996a59d194ee10d17c8fb0ff55430fa727a05b1c5377603c13e45b738bbef76435dc1859b0a5709fa9bae979a24c236

    • SSDEEP

      3072:mGxexnpaRblPXA5oOoSpM+k/slzP5kH/cJAr:m7wPYF/p0KqcJ

    Score
    1/10
    • Target

      locales/resources/Data/Managed/Unity.RenderPipelines.Core.Runtime.dll

    • Size

      180KB

    • MD5

      ada7730ee67447a643a760b5324283b6

    • SHA1

      5f246cd1a5859d1c21da052e4a8cdba545ef0ab0

    • SHA256

      b42119b70c05796d19617774336d8fd7cf988aa3d0fda6946edc68368bdd6a6f

    • SHA512

      5d33a1ed872396b284c1253e8b9098a96f81e316c82170b3589fbd9b1c29f59dd107d6700d963df0056b390887bcbc4d0cc983209df81e7096be89e7680b4a18

    • SSDEEP

      3072:/WsIlcGLwg9B8NiTR3QYCFGNEnbU06oM2GPtZvKxZfzXBLFJoS:XQwgIkN3RbXoM2GPtSzXBLFJo

    Score
    1/10
    • Target

      locales/resources/Data/Managed/Unity.RenderPipelines.Lightweight.Runtime.dll

    • Size

      59KB

    • MD5

      b4bf1c91fc65a1fd3723ffb34ebf8d10

    • SHA1

      795c1092026f121e4738f946a601834656503c76

    • SHA256

      f8ed3296a5b654fe27d27c0d613555acaafcb707cecc7d391f02c114cbf852c8

    • SHA512

      e8cf1c805f58907ee27f128029dffd153ccaff6f532d0204741216e026b614558a4395d9543172872fbdb49c9052adf99ae9aad1aaf1a16bae5bfa5b5751fb41

    • SSDEEP

      1536:E7GBI73Zw+OrbMe23xtet71WRhZBvwcfxz4oJE:Bc3Zwd/MjLZBxcCE

    Score
    1/10
    • Target

      locales/resources/Data/Managed/Unity.TextMeshPro.dll

    • Size

      308KB

    • MD5

      54b9fd4d5e1abcefbc692b4384761b82

    • SHA1

      a8f2235ba53960ed071bc7ec91fd818d2957eef2

    • SHA256

      08e99be19807deabf798bb8e97a9ceab23472e01e43aa8a505a8656bc21a4f4b

    • SHA512

      3a40a42da77f35b0bc064518d21d28b3033676dcfb9fd369333722894f4d84668b3f6eaf7738d89ac0cb7f5354e817e0b9af0c55de3056e516ef18250879b216

    • SSDEEP

      6144:Up+2Fn9DbBieSSd+39YPKlTfw9SIbPNJrZKCGeeZoF0:U82FnxBi/S832PKlTvIbPNFV

    Score
    1/10
    • Target

      locales/resources/Data/Managed/UnityEngine.AIModule.dll

    • Size

      38KB

    • MD5

      9e8d7a9b34a223e383e79ac89d6ba2be

    • SHA1

      f43b425d6eb9a395f021bb3b463f062fa7aa4f21

    • SHA256

      0fdc7eacd631c4ded5b75e92c9b98b56cd13f063f2ea2b7ce7dad4a437f63597

    • SHA512

      d8c2947512c69495bf3e61bab2ca2ba65a300895ffcb3fbe5ba593861d92b8c14f600f73ff1fe4776961a96faa273c471159000a9228ce378b49b7f2453d9422

    • SSDEEP

      768:OYouZ7+t8Dz26iicuE/roMMLmMkBdaZBxVIqu2WhsieochdV2:OWFm8Dz26iiR6/e5W4hhr2

    Score
    1/10
    • Target

      locales/resources/Data/Managed/UnityEngine.AssetBundleModule.dll

    • Size

      15KB

    • MD5

      c06cc346c6b711a2722ea0a63dece486

    • SHA1

      2035e7d0c24b72d4b20f3477ed7de644ff8d676b

    • SHA256

      d5a3bde4e5e979646fb00f20f524270172b6e51365b9abed1a0172e8cc77f650

    • SHA512

      d71126e0211ffde85edb0777b6434b208268c9b2204026c2a102bd88577337915165b6ef362859f79520ffc4376ddaeb01404a1100ea6f5468087778000cbf75

    • SSDEEP

      192:x0MKavB+BggRRwxqx8F+cmCWXvFc864MV6fiJ+5WyBcIAe1ciEUzvXSgdttd47fT:pe8kcmCWXvT7MIjvrcj/

    Score
    1/10
    • Target

      locales/resources/Data/Managed/UnityEngine.AudioModule.dll

    • Size

      53KB

    • MD5

      3b8c0b887d976d5e77c4d93255a2a0de

    • SHA1

      c0406b81ee95b994f3a2f674ab7d82da2fe75abc

    • SHA256

      76c31d2db844f13e1cbcc92285c6cb8eb1a3d0cab73e16c2e799b0fc52b779cb

    • SHA512

      89ea417e17090839e071c3e499423c93ddbf0c01bca5a51a1e32440e9c4e31c4b8c4412377ba50873c82be77f615cf961fb2dd26c186761499381f031b061a54

    • SSDEEP

      768:DPYmE0gfl7aMW+mIzTQ2xwb/ferBv2I2+751+Ek028:E0fMW+mkKTer11+EkX8

    Score
    1/10
    • Target

      locales/resources/Data/Managed/UnityEngine.BaselibModule.dll

    • Size

      5KB

    • MD5

      c1a66ab6d190d11f7c5d16da582e809a

    • SHA1

      333edd61f9ce3d633d8fc3be79d838fcdd9c94ad

    • SHA256

      92023ef1a965a661932386d0857e0c0da669a2fea5a3c964daac5559d547a6ee

    • SHA512

      5b898f343bc8d9d1f06fe9a1101513eb18b538abd1d737975f0120ea76881a53ae00837f1f72ab25ea10a0bfcb375613551f1a611e3b1d0978b0a67e54e972b3

    • SSDEEP

      48:6NS+LyYUJinKQr0D5SaTByEV33aLcjinqnqC5gOPul+0Y/ZI:mLlUJlQ8aLcjA0Iw0Y/

    Score
    1/10
    • Target

      locales/resources/Data/Managed/UnityEngine.ClothModule.dll

    • Size

      11KB

    • MD5

      cf5fe12221b147e8d365887879e10719

    • SHA1

      9b33e2e288509c43f462280c6eef5008179d7296

    • SHA256

      bf4a02a48f25e67adaba9f73d8ac9746e1a0ecf3e5ef05afcf355de25e846ea7

    • SHA512

      d1d03c551debccc3c00b3db8a9ae56517d364fb8207e43c7f23c9a28bbd6b52766113affd7366d37084f7066b76c8e0842abdb8aa75d48410ccd0b79f6796ce1

    • SSDEEP

      192:06AtDEv401l3yYXI3G4y3ssQOJz4EzmSPedJFRft9K8xnvWUcj+Z:065v4011yqI24y3ssQ24EDedJFR3K8xR

    Score
    1/10
    • Target

      locales/resources/Data/Managed/UnityEngine.CloudWebServicesModule.dll

    • Size

      5KB

    • MD5

      9fca86f7191b02389ad172f40cfc262d

    • SHA1

      e68df1c3d26351c952b4172ac899e145e963a58c

    • SHA256

      5ea741dea103ce91687eb93dd6a72b748bd6f01c00813fbdbb1708b038fd9865

    • SHA512

      7d91ecd5755fb113f91d7897bd32596698b67714fda8a60594c4455b8b0cfabd619a1d77f783870577f62cf331af648bd8fdfd4d5a55b1683d2f4f5625c987a2

    • SSDEEP

      48:6XFFeTYUJinK7ar04F54TByEV33aLcjinqnEwE+OPulLi0XINxI:ueUUJluiaLcjAKE2xi0XIN

    Score
    1/10
    • Target

      locales/resources/Data/Managed/UnityEngine.ClusterInputModule.dll

    • Size

      7KB

    • MD5

      73efb0ed5482d484b7ba1e5585b2b072

    • SHA1

      0b0ad2d8350f0e44aa8665db8c8dd266361925ad

    • SHA256

      451357d130ee40a8f033aa0f16d33e3469f3482b01636ec39c1c3f770ce628a3

    • SHA512

      21a6a8621f40c667ada0b47fa5d7ec379a1ff152fa892871bc624199e42b304a021baa59ef63239602167e78f2b77ed7f1ade30547e372193cc7e64ec85e699c

    • SSDEEP

      96:WbXJMBj8Ew/FjUqEcNGn5khaaLcjpWQVdV0TIdC:cZMBR2FjUqEYGn5mTcjVeqC

    Score
    1/10
    • Target

      locales/resources/Data/Managed/UnityEngine.ClusterRendererModule.dll

    • Size

      6KB

    • MD5

      cf2005559fca655f9bac73a6cc8b251a

    • SHA1

      4862a361cdae568739e5a1ed828f3eff5ddbc8e9

    • SHA256

      526b7cca3f818882eb41dbfa8cef85c5e358cce355db4167533a3161a3f5e6d3

    • SHA512

      fcfc0b290d902ab88a7835cbd647d5e025556b15e64af3479c1791f0d6410c62178e032fa41bca07bda2e6d09cb594d079f4b3b2660fc8e9aa3641c66e6e21ab

    • SSDEEP

      48:6CiN7XHniSSgIRFIaSyr+qgDfn9p7V2DPTByEV33aLcjOnqnpaOPuledk0gIdHZI:2N73iiNa3MMJaLcj0r0dk0gIdH

    Score
    1/10
    • Target

      locales/resources/Data/Managed/UnityEngine.CoreModule.dll

    • Size

      758KB

    • MD5

      d6a477138859dd69f6f81e8d44e51e8c

    • SHA1

      f2317d05bb57552a852870fe22af1609b46c7716

    • SHA256

      8cffd80981c3e5b65ae82cda845281f94c7110ba38621d3aeaee5939694ff7db

    • SHA512

      20118c20320aabc88e40b465b86fce7733784726fd722026868c8e75b544799923d2a86f4eb4cd7cbddc3f5d86ca53f14c4ef9abd0f5c24da823111792a9cdea

    • SSDEEP

      12288:Q2lo8VXVKSuGOjMCMRRvBXK4gfL+CBzNzRtY:vo8VX1qM7R5B6tz+CBzTtY

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

discovery
Score
3/10

behavioral2

discovery
Score
3/10

behavioral3

vidar 23a142269e47ce1692ccc9fb68473bc2 credential_access discovery spyware stealer
Score
10/10

behavioral4

vidar 23a142269e47ce1692ccc9fb68473bc2 credential_access discovery spyware stealer
Score
10/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10
