General
-
Target
Unlock_Tool_2.3.rar
-
Size
43.5MB
-
Sample
241016-2rae6a1bqm
-
MD5
aba901d2df207e0fb7126ac4ed6b0b92
-
SHA1
2b054c739404e122e39c6e8b50d2af0cd0a31b46
-
SHA256
e5d4292ecf0f3e2c0f49c14054dd38fd3bb406dbdf6cb57c4cb51ba381323491
-
SHA512
af437424302b25d833e609fac5e103a1a7d9f2ac4aea7fa98771b9d43dae967d222d8676a2a5129d11188243466a8d3efb94cbcebec5eb0d2a192ac170602dee
-
SSDEEP
786432:oWERuckDMYkh5bPwA4NWZTxNGPFCMUJ78pdmha2rvvdOl4Eej:oWERaJkhn4gZtUsMUJIz2rvsqT
Malware Config
Extracted
vidar
11.1
23a142269e47ce1692ccc9fb68473bc2
https://steamcommunity.com/profiles/76561199786602107
https://t.me/lpnjoke
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Targets
-
-
Target
Unlock_Tool_2.3.exe
-
Size
1.5MB
-
MD5
875d0ab4d446da201127377ef3756d5e
-
SHA1
45cdad2ed72f5d4956d13ffcee2002caabc68625
-
SHA256
5067e33aee627b233fccbfa9516fdb2bb96216694a606986f986add251a856fd
-
SHA512
4ee704b5cc1cf693a511ca555de476ec76fa39b9993fbde102545a390e91ae286c57f7c4cd717b56748a1549e1c28c5e7cfde994f61dac0b762b832fed4d769e
-
SSDEEP
12288:1hzfw9F+PLs7BYQtUq6xGfMD/lienK07szdiNb4uhYUsZNYHjuO83IEO:Lw9FOYBYQ6xG0TI4QO4uhNSNYDu/4t
Score10/10-
Detect Vidar Stealer
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Downloads MZ/PE file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1