vidar

Sharing

Copy URL

Twitter E-mail

General

Target

Unlock_Tool_2.3.rar
Size

43.5MB
Sample

241016-2sfcssxema
MD5

aba901d2df207e0fb7126ac4ed6b0b92
SHA1

2b054c739404e122e39c6e8b50d2af0cd0a31b46
SHA256

e5d4292ecf0f3e2c0f49c14054dd38fd3bb406dbdf6cb57c4cb51ba381323491
SHA512

af437424302b25d833e609fac5e103a1a7d9f2ac4aea7fa98771b9d43dae967d222d8676a2a5129d11188243466a8d3efb94cbcebec5eb0d2a192ac170602dee
SSDEEP

786432:oWERuckDMYkh5bPwA4NWZTxNGPFCMUJ78pdmha2rvvdOl4Eej:oWERaJkhn4gZtUsMUJIz2rvsqT

Score

10^/10

Malware Config

Extracted

Family

vidar

Version

11.1

Botnet

23a142269e47ce1692ccc9fb68473bc2

https://steamcommunity.com/profiles/76561199786602107

https://t.me/lpnjoke

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Targets

- Target
  
  Unlock_Tool_2.3.rar
- Size
  
  43.5MB
- MD5
  
  aba901d2df207e0fb7126ac4ed6b0b92
- SHA1
  
  2b054c739404e122e39c6e8b50d2af0cd0a31b46
- SHA256
  
  e5d4292ecf0f3e2c0f49c14054dd38fd3bb406dbdf6cb57c4cb51ba381323491
- SHA512
  
  af437424302b25d833e609fac5e103a1a7d9f2ac4aea7fa98771b9d43dae967d222d8676a2a5129d11188243466a8d3efb94cbcebec5eb0d2a192ac170602dee
- SSDEEP
  
  786432:oWERuckDMYkh5bPwA4NWZTxNGPFCMUJ78pdmha2rvvdOl4Eej:oWERaJkhn4gZtUsMUJIz2rvsqT
Score

10^/10

vidar 23a142269e47ce1692ccc9fb68473bc2 credential_access discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1
- Target
  
  LICENSE.html
- Size
  
  6.3MB
- MD5
  
  6e638956244aaded2c92b77f9d421a81
- SHA1
  
  f5269556b6fe04cfca5a1da21af718641708a666
- SHA256
  
  652457f1b5ec60a81c8aff095366bcc068402c21eb380ba8286366bc4e9a029e
- SHA512
  
  f0e173761a6acd13b6c1b5eb896c361487a770a54f1842ffaa80c8ff780b37a1e801169786776c4afa7d9c75cd968dbaddabff082de55cf75cc4f9d871d08bc1
- SSDEEP
  
  24576:nPVZ5W5WS95zHIlGMmfu626s6W6a6q5AHOeQDph:SMn
Score

3^/10

discovery
behavioral2
- Target
  
  TypeSupport/Unicode/ICU/icudt26l.dat
- Size
  
  209KB
- MD5
  
  525de57b8d1167a4efb7eb00c013354f
- SHA1
  
  3f1ac2d2b6807c3ed2fc41351262712b72fad749
- SHA256
  
  b388595d6e96e51430bec6022b1a5635ca541e60936abd73342ae8319dfe6802
- SHA512
  
  dfd950d1220f46bf5f75c4130902bb63a4447c435d25386461a4e4653e73dc6780577fb51b14b182a1f2b1a38585914237625b199d806b6f80f9becc64eeff32
- SSDEEP
  
  3072:C5em1am14oBR+pa3sHxW5D+eXHdsdj5xkq7KV2Sq71c64ZAr3Abyc7dAzATXcErQ:CR1R/UFTSO1TPcaMm
Score

3^/10
behavioral3
- Target
  
  TypeSupport/Unicode/ICU/resources.pak
- Size
  
  4.9MB
- MD5
  
  df15387bf046715cc592a690da33e4b1
- SHA1
  
  ad93b08dff82cbd894f6a0a9733c70d7e564113d
- SHA256
  
  11d0f55c105883d203137a87a610ba793299dc4774fd6d8b3a86666a2c337041
- SHA512
  
  71244553d7b1b559fcaaa059622c340d22148bd5324fa3f6730d37322025dbfe5e853948b49b91db6022a25bca4ddbab8fe6ee1522a461963dfba04a7c93d69a
- SSDEEP
  
  98304:b6zN1Kt66I0+1Yk93pPVrXh188CYCUrwr1ISgMRQK8nXCpGm5vEybt:+zjKt66bGVrhm8hCUkrGsyCV5vXbt
Score

3^/10
behavioral4
- Target
  
  TypeSupport/Unicode/Mappings/Adobe/symbol.txt
- Size
  
  10KB
- MD5
  
  31d752fa13b4d1fc7b7b4747a3f6d3f9
- SHA1
  
  eaafd280b2ea187f078674b9a1d5a8206ccf4a13
- SHA256
  
  52dbabcdebe38f3e19e9071d6796fe49f1463f03d2d82064aab4a10bfbd4dddf
- SHA512
  
  ed402d201b19c9edeeefa17d2f82a480b8d16ce3235668a91bdd0e6f3b59cbb55bc7119a272c34d1c4e88999b6fe08697d65d65e7b4de44c197e57f2ff44f079
- SSDEEP
  
  192:sRDIlhfxjh5/q7Wr6KyfyHnW9WSQftm15VkCnl2moTTEmbZ3mrZWlBAjnBmnVRn8:sVCx27WuKy0W9WDlSVPlwd3C/BCVBFyB
Score

3^/10

discovery
behavioral5
- Target
  
  TypeSupport/Unicode/Mappings/Adobe/zdingbat.txt
- Size
  
  12KB
- MD5
  
  691886379048a5f9065ee903757af29b
- SHA1
  
  9f6453e6f027e771602ad98c5379eaa2b2469463
- SHA256
  
  e7651bcf12532af30c79c499e7a280ccbcd7f208436999a21b1500b07149bc95
- SHA512
  
  e2934bd4f36cc21e1d71c4fcfc3c31d091a54f04762b0cf7b20fd6bf70ce30fd209a406020c82c565005bc0677471eb524b5a537059e29e4231955fc9307216c
- SSDEEP
  
  192:IcRDIlhXomP1RueMV1tQdS6t0Ftjzt8CFrMbyaYQgtrtXiPIn:IcV+ombupV1mdS5SC+20I
Score

3^/10

discovery
behavioral6
- Target
  
  TypeSupport/Unicode/Mappings/Mac/CORPCHAR.TXT
- Size
  
  18KB
- MD5
  
  0fbad8e1c335ac42617936aa6f89ec89
- SHA1
  
  02ba453abfbe24b25c35a2d75c6134714b3d7d43
- SHA256
  
  83246b8c942cbacf1031445a99e62acbb4733ef4167bebfba2bd852869824eab
- SHA512
  
  ab9e0bb4cae4c72cbccf7d061f1f181dc86277e8e59424802422c6641bec864d3e87b2261d56cb7991e3f60c5c6f56a814073f7d180745b8499c05c39f93842a
- SSDEEP
  
  384:+aT8iQfVsEByru8n1ePc1RJ1lX1HEvSZ3:dIqEc/X1kvSZ3
Score

3^/10

discovery
behavioral7
- Target
  
  TypeSupport/Unicode/Mappings/Mac/CYRILLIC.TXT
- Size
  
  13KB
- MD5
  
  db4ed5c205fddd693dc9ce69cccad036
- SHA1
  
  ffae0be88d51d71fb1e496156564e55f874efad9
- SHA256
  
  10738cd5bba3b23c02d3655bf2afdf72daeaaef778cda562c6d10ae8d25ca591
- SHA512
  
  0402d575c17d03e7af8bf44f36ead7d4ccd283375b65d94597ed927a3975d5427483c681a2c604b6f61d796e9c92868620594b7661de6321920c23a6ba281c96
- SSDEEP
  
  192:BWDRi8BsiHopYZXC4JqANEZGWRBnBb7ec56ZmuZ6VfDjCfzB+CXp1:kDRDsiZZXC4qWTWRRBb7e6/o6NIXD
Score

3^/10

discovery
behavioral8
- Target
  
  TypeSupport/Unicode/Mappings/Mac/ICELAND.TXT
- Size
  
  13KB
- MD5
  
  48f0f1332aca28076f1d479d8a1c0447
- SHA1
  
  e19b21754d221f5fa53aecfb01b2578d9974f35d
- SHA256
  
  e04b3c96f65a27030b5e4b071d8e61b8ede1d94cf7bf7845262b29be2b7656ac
- SHA512
  
  7360aab0683f102420e850e5b0ca7e366f605aec7a3be4305dc0fb27270209a006dc5ae1a28f68a7c4241bd1a674a215ce9c197e25aa3e18744691c1b987abe6
- SSDEEP
  
  192:496i8BsiHo4wg68wkw3EZGWRBnBb7ec56ZcjVNs0sDTZLF8GYpfzIiB7Ubc3jTpM:66Dsi61kw3TWRRBb7e6vYMGPaO
Score

3^/10

discovery
behavioral9
- Target
  
  TypeSupport/Unicode/Mappings/Mac/ROMANIAN.TXT
- Size
  
  14KB
- MD5
  
  d39f6c0a8cfe6f118ffd105cf44dea90
- SHA1
  
  6c0ae83fd83e5b1af2d288b149e0f7907dd378cc
- SHA256
  
  ff13110e8b448b033f464184a1a07b4cd32f0f0fea203a4401c284073fffad66
- SHA512
  
  75a42575a542e95a9736deac09fe5480a52d514d9b09c2542a9bf7af1de104a3f83b29bf0c317b4d593d572bc1548728f2fb68115ab1506c5784528ae33710ed
- SSDEEP
  
  192:boRi8BsiHo/rUgyxUHwsEZGWRBnBb7ec56ZcjVNs0sDTZLzDvXYpfzTUbc3jTpGN:sRDsifxUHwsTWRRBb7e6vY9rhaO
Score

3^/10

discovery
behavioral10
- Target
  
  TypeSupport/Unicode/Mappings/Mac/TURKISH.TXT
- Size
  
  12KB
- MD5
  
  6bfac3d4ab3ac941a0b2a29a56de6f64
- SHA1
  
  cdc38c3e0de96c3f2b50448cf3dcf42d52e7e243
- SHA256
  
  9ecde6f591caed9c2ce4438884da5f22e35fbdbb97e8d80b43129b23a6791891
- SHA512
  
  1e2645df84c5392b09e85dac63970ba49dec9dee63c06548f7717fbfca2643646c1668202217ec836a663c4938fa45774d3c7a9a7254b926d75b0a32c90fd3ee
- SSDEEP
  
  192:y7gi8BsiHoGV1zjbweEZGWRBnBb7ec56ZcjVNs0sDTZLzGYpfzRzUUbc3jTpGNlw:WgDsiX1zjbweTWRRBb7e6vY9Gka3
Score

3^/10

discovery
behavioral11
- Target
  
  TypeSupport/Unicode/Mappings/win/CP1250.TXT
- Size
  
  9KB
- MD5
  
  3c9476725fbfeeffb9f549d995ee2815
- SHA1
  
  8e2502eb4fc5137ae6e776d1f1804a3afb6eae31
- SHA256
  
  cf79ba755416ae5628a9dd1f870306b5a45fd6b256efed0c2ac1cc2ccb3307f0
- SHA512
  
  ff35c0a6a878c303567d957c0e465cd9bcd0678c1be3953b3438c686b4f739fb6f47a465465119b474d468d46b19397955e688fc2b92f71abbec276be072f5c8
- SSDEEP
  
  192:a0LuVb+Mu1eIqY/tJVLTjbew68i/+raRKUWKfThEYh4AIhvDHFzxn62hxSAWUMuA:aV3+qw7VLTjbewlKfn+Qx
Score

3^/10

discovery
behavioral12
- Target
  
  TypeSupport/Unicode/Mappings/win/CP1252.TXT
- Size
  
  9KB
- MD5
  
  93fb108016f8a1e87e4129b21fe9984b
- SHA1
  
  f6d6b1cac29fdffe774e5175cb60970ba373a656
- SHA256
  
  fca3ab5882f0a562794f05d7f15a39157c59d7c07fcbac79ab7cf3d12c979541
- SHA512
  
  e0679ddb288423557170c09bf6848d6d8d74f9e70bd751131db7bd248446606db856a86af7ac8e3500b2950261de199a5ede444d8bf451ee1ccc6cc854151342
- SSDEEP
  
  192:YUsVb+Mu1eIqY/tJVLTjbew6SiNNzu6NSCYyhrt0K5n9dWGufxvH+Gv:Y93+qw7VLTjbewtUSLO+RV
Score

3^/10

discovery
behavioral13
- Target
  
  TypeSupport/Unicode/Mappings/win/CP1254.TXT
- Size
  
  9KB
- MD5
  
  65d7c9205e1a1393b8530670add4e596
- SHA1
  
  535cada91e5fba038e0fd9f2214f91a83c3be45d
- SHA256
  
  32fa83c6f8ad346e66e544640942906e0a91cc0d2075324b7f244695de5740a5
- SHA512
  
  95798f9e068a82380bdbdf649a2dd2f7cc72206444de0a7b9ab2de2cbd9938dc0856f2a0faeb29bcc965900448dfb0e7dddef0cc8e1c5711896f1b82d40a3ca1
- SSDEEP
  
  192:uWKVb+Mu1eIqY/tJVLTjbew6SiNAH6NSCYyhrUJ0KXdWG0xvfxvHZ:ul3+qw7VLTjbewfUSL5y/D
Score

3^/10

discovery
behavioral14
- Target
  
  TypeSupport/Unicode/Mappings/win/CP1258.TXT
- Size
  
  9KB
- MD5
  
  88e9b5216b90d0332bd2cd4fcee88a22
- SHA1
  
  748ec8b8b4427f3b48b23b3b224c1cffea2dd169
- SHA256
  
  f53d0ffb7f3c8182794331cfdd2fbcf77ff6dbdb05b415c98cc8d6fc49dce2fb
- SHA512
  
  9d5d6e0cf41e9054d3c9253cec0a482dd97e412794523e352c06d39666931b1d8291fef1c5bbef629eb7c1bb53d866fe2eb925cb314026bf027eaabb1208f0bb
- SSDEEP
  
  192:Sy2Vb+Mu1eIqY/tJVLTjbew6SiNne6NSCYh3hDDEYx1W/nxKHK:S13+qw7VLTjbew/USLkfz
Score

3^/10

discovery
behavioral15
- Target
  
  Unlock_Tool_2.3.exe
- Size
  
  1.5MB
- MD5
  
  875d0ab4d446da201127377ef3756d5e
- SHA1
  
  45cdad2ed72f5d4956d13ffcee2002caabc68625
- SHA256
  
  5067e33aee627b233fccbfa9516fdb2bb96216694a606986f986add251a856fd
- SHA512
  
  4ee704b5cc1cf693a511ca555de476ec76fa39b9993fbde102545a390e91ae286c57f7c4cd717b56748a1549e1c28c5e7cfde994f61dac0b762b832fed4d769e
- SSDEEP
  
  12288:1hzfw9F+PLs7BYQtUq6xGfMD/lienK07szdiNb4uhYUsZNYHjuO83IEO:Lw9FOYBYQ6xG0TI4QO4uhNSNYDu/4t
Score

3^/10

discovery
behavioral16
- Target
  
  langs/English.ini
- Size
  
  107KB
- MD5
  
  525ce1c02ca53f9c63cb697ed3aae899
- SHA1
  
  9ddc2763d9dd663f3cb0febf0d580e21c52c2f18
- SHA256
  
  0f9d467f6bb6f682c0d1351b26038950c73720f2bfc0741ec1c7bfab2046d75f
- SHA512
  
  734d599d839b1266c42f340e044243ae30d1859d314eed7738f72f59201d19359f1ac6ee0cac8bfef4a0a2b8f2232a4f1f33336770c8c43f929c1bef162d2317
- SSDEEP
  
  1536:5S5Ybl8/lKlXiF3y24FMuRvV5I7BohUT1:xxXiVQV5uJ1
Score

1^/10
behavioral17
- Target
  
  langs/Hungarian.ini
- Size
  
  107KB
- MD5
  
  7591df7fae4342cbc7a0706e1b28e87b
- SHA1
  
  825e88ad498e8713522f5aef3b21ee01d6fa8b41
- SHA256
  
  fe9997629d296908247a2e82da6c369e2ea7eb4c87b12fc7c8d3ecb3e6fc320d
- SHA512
  
  8f58c6fbaf5ea140a3ecbbc88cbf4bdd0e0ba3fbdf169f4b7cb831094a47a6ead103f89fc07748f91d1396ebd13c7ebcc90a316f0eb203ff4c86a50be5cd3ca4
- SSDEEP
  
  3072:UaKBsDgGod8NAH4iyf8kXrLfKgL6YhL+L3yGU:73X
Score

1^/10
behavioral18
- Target
  
  langs/Japanese.ini
- Size
  
  91KB
- MD5
  
  36d47bfae8d0d48d56b7b1feb3b317e7
- SHA1
  
  1d8d59aa40f765319fcb70a9f49e997aca305b89
- SHA256
  
  9077b41d743ed6af51cd9b8aedaebb6d1e0e6217825635a1aa9451994efaff0f
- SHA512
  
  b510a5b17e52778b87f58aaa61f222f11c6190a988440789d1d40591aebdcc7311f7bb3bee9621ab8d971dc2de1ec6ed4d52598b3808dd689f693c3e5897f938
- SSDEEP
  
  768:wPZoCIywqTgXCaNnWYjV6UDFlv0Gaf9xS7ua6PE0FtrqGv0ZQkxKQRTM94DGNWdN:1CIywqTKnWKV5GAQkxHKUfxJYNeNx
Score

1^/10
behavioral19
- Target
  
  langs/SimpChinese.ini
- Size
  
  86KB
- MD5
  
  7aad044a68d89d8bb5a202f8bc69d87c
- SHA1
  
  e20ca69d6f4d1612dc4457612a4b5e4808470bf3
- SHA256
  
  1bfa864f7012e64f5c1656fc5636ea29e87e2a45b5eb2c31a3b20643fdd8ad4d
- SHA512
  
  1fe22968bcba141229d8a4d36f8a7d300e44e76ea701d6a07430854567d15c8b8ebaaacb646d038a89273414c5b2a48562407ca31ac9c75e1e22fece73686625
- SSDEEP
  
  1536:SXm7cLrzWFubvgkOvAbGCgjhRrERD+0xs3sqPHGUt471J2BZIn:8FKNPHGVt
Score

1^/10
behavioral20
- Target
  
  langs/Slovak.ini
- Size
  
  109KB
- MD5
  
  fcba4d2df72a46575ca828c807224431
- SHA1
  
  265e34f895f4b2fbe98a39b960c385be7309dfaa
- SHA256
  
  b5b2f7fc1c62f1c8161ec59af79cf5e8f12cb0070264703087dcc5cb58e7352a
- SHA512
  
  6edf1e1484225455b76a1deb6c9f02857433a941bc0aececb916f0aede4398a4f22e70e9c152bd6a78ba2f02f11237a6ee92fb05b21374d250f680b56c6a5cc1
- SSDEEP
  
  3072:2ykd4BlB1wCoG9Yhgt8VQcGlW2Jw/6ro5pw9v6Nv83diJoTNfaRlnCoUjZ5bYtZr:P1wCnyNYpCaAWK
Score

1^/10
behavioral21
- Target
  
  langs/Thai.ini
- Size
  
  103KB
- MD5
  
  b193d9eacf4afac3199e11b4f4cb6572
- SHA1
  
  9b3f47c3674b11e16df5ba6d5d29d2698a3e1694
- SHA256
  
  172276c875a496c173b349e24f7dec66ddda24f6a424120a13de73ef5e70ba07
- SHA512
  
  11a6971e4ba3c03822de4a46bd9854f2a1525b5380000afac9eddb5d644ba4af0308454413016c859960ce4cf49efe0dbea4a59651b6127d643d1c7eaec34f32
- SSDEEP
  
  1536:5fJMD1fKNP5/l3X8vruiFDKn+0PRs5jWY+APLR2lw:xy
Score

1^/10
behavioral22
- Target
  
  lesseeVariant/modules.dll
- Size
  
  907KB
- MD5
  
  dc05f0b8f1a32e872721d3486e6332b8
- SHA1
  
  dbf055b0f934640fadcfaa93971fead8df7a3869
- SHA256
  
  37ec5f998a5c376d4fcd4342b43a4163d1f043e0f7711e46677cd30013882723
- SHA512
  
  0f89d713237ef11a1ef8d824ad9767bb13fb4f5f334acdd65af0ba6e54cec4a910398636683254b3fe4d46a069a1781187313684ff827a907b8b968134f6efa0
- SSDEEP
  
  24576:z0OY4ZFajHYDTR2yfVbf+c6Z5WODYsHh6g3P0zAk75:z0CZFaj4HR2yfVbd6Z5WODYsHh6g3P03
Score

1^/10
behavioral23
- Target
  
  locales/resources/Data/Managed/Unity.Postprocessing.Runtime.dll
- Size
  
  141KB
- MD5
  
  a75ea867f8f13ad7e081f64c2407c66b
- SHA1
  
  1a46a9ba7a024d91774a56190157683599443747
- SHA256
  
  8bb91dcd3aff282bd37804adcaab5a6a0337695570909eb83d88e5900007be87
- SHA512
  
  43a4de663a1f54826348ba24a6dd1beec996a59d194ee10d17c8fb0ff55430fa727a05b1c5377603c13e45b738bbef76435dc1859b0a5709fa9bae979a24c236
- SSDEEP
  
  3072:mGxexnpaRblPXA5oOoSpM+k/slzP5kH/cJAr:m7wPYF/p0KqcJ
Score

1^/10
behavioral24
- Target
  
  locales/resources/Data/Managed/Unity.RenderPipelines.Core.Runtime.dll
- Size
  
  180KB
- MD5
  
  ada7730ee67447a643a760b5324283b6
- SHA1
  
  5f246cd1a5859d1c21da052e4a8cdba545ef0ab0
- SHA256
  
  b42119b70c05796d19617774336d8fd7cf988aa3d0fda6946edc68368bdd6a6f
- SHA512
  
  5d33a1ed872396b284c1253e8b9098a96f81e316c82170b3589fbd9b1c29f59dd107d6700d963df0056b390887bcbc4d0cc983209df81e7096be89e7680b4a18
- SSDEEP
  
  3072:/WsIlcGLwg9B8NiTR3QYCFGNEnbU06oM2GPtZvKxZfzXBLFJoS:XQwgIkN3RbXoM2GPtSzXBLFJo
Score

1^/10
behavioral25
- Target
  
  locales/resources/Data/Managed/Unity.RenderPipelines.Lightweight.Runtime.dll
- Size
  
  59KB
- MD5
  
  b4bf1c91fc65a1fd3723ffb34ebf8d10
- SHA1
  
  795c1092026f121e4738f946a601834656503c76
- SHA256
  
  f8ed3296a5b654fe27d27c0d613555acaafcb707cecc7d391f02c114cbf852c8
- SHA512
  
  e8cf1c805f58907ee27f128029dffd153ccaff6f532d0204741216e026b614558a4395d9543172872fbdb49c9052adf99ae9aad1aaf1a16bae5bfa5b5751fb41
- SSDEEP
  
  1536:E7GBI73Zw+OrbMe23xtet71WRhZBvwcfxz4oJE:Bc3Zwd/MjLZBxcCE
Score

1^/10
behavioral26
- Target
  
  locales/resources/Data/Managed/Unity.TextMeshPro.dll
- Size
  
  308KB
- MD5
  
  54b9fd4d5e1abcefbc692b4384761b82
- SHA1
  
  a8f2235ba53960ed071bc7ec91fd818d2957eef2
- SHA256
  
  08e99be19807deabf798bb8e97a9ceab23472e01e43aa8a505a8656bc21a4f4b
- SHA512
  
  3a40a42da77f35b0bc064518d21d28b3033676dcfb9fd369333722894f4d84668b3f6eaf7738d89ac0cb7f5354e817e0b9af0c55de3056e516ef18250879b216
- SSDEEP
  
  6144:Up+2Fn9DbBieSSd+39YPKlTfw9SIbPNJrZKCGeeZoF0:U82FnxBi/S832PKlTvIbPNFV
Score

1^/10
behavioral27
- Target
  
  locales/resources/Data/Managed/UnityEngine.AIModule.dll
- Size
  
  38KB
- MD5
  
  9e8d7a9b34a223e383e79ac89d6ba2be
- SHA1
  
  f43b425d6eb9a395f021bb3b463f062fa7aa4f21
- SHA256
  
  0fdc7eacd631c4ded5b75e92c9b98b56cd13f063f2ea2b7ce7dad4a437f63597
- SHA512
  
  d8c2947512c69495bf3e61bab2ca2ba65a300895ffcb3fbe5ba593861d92b8c14f600f73ff1fe4776961a96faa273c471159000a9228ce378b49b7f2453d9422
- SSDEEP
  
  768:OYouZ7+t8Dz26iicuE/roMMLmMkBdaZBxVIqu2WhsieochdV2:OWFm8Dz26iiR6/e5W4hhr2
Score

1^/10
behavioral28
- Target
  
  locales/resources/Data/Managed/UnityEngine.ARModule.dll
- Size
  
  21KB
- MD5
  
  2695ae3d4a27b71c9d8a19b97c47e79f
- SHA1
  
  d7bf4cbe69839efbfea32995ec1616fedc295db5
- SHA256
  
  3598c5eb22d7afe3c738df4d019f835e67bc6724351bd69fdf106ad55feec126
- SHA512
  
  60e0145de99462f79fb77f707d57e56a99f25b9da68a9162af901be7d19b8ad7b1de84d7c44a6a4f4d77e3b720fe56f3f1a0e10a284f02a812eb6d12bfa9ff4b
- SSDEEP
  
  384:5Ny1fGJeg0A9CNRiA2As2rZMo8fiujw/vVP7NuLk+J0lcK9cjQ:5xJL4p2AsMMoNujIJ7cLkwi59n
Score

1^/10
behavioral29
- Target
  
  locales/resources/Data/Managed/UnityEngine.Networking.dll
- Size
  
  250KB
- MD5
  
  c0f563d141f67d17eb1364bb7e3c2690
- SHA1
  
  840cd5373b1df73f8bc11736f407485cdc56c41a
- SHA256
  
  5d44c7bdf640be9cd3139f2d3565a1c652a2e8a7e533540b5ac78718b5a90067
- SHA512
  
  97e754f8a332f31dc1aa6b501cf358cbaa4f038c50cd3546f416bd10df0c5c922bd91afabf531ac6f9f19f3746ae809cab172d5a901bac1cb4a30aa99c1e1b43
- SSDEEP
  
  6144:PjKeO0vRwfWPdwRCcAONC8BHrLOKTur+4NgHdVq8k:PZ5RwfWPuTdVq8
Score

1^/10
behavioral30
- Target
  
  locales/resources/Data/Managed/UnityEngine.TimelineModule.xml
- Size
  
  171B
- MD5
  
  549492497e200aec7b51948ce3100b19
- SHA1
  
  e521cce6a52ce975f54b201a652376087e264d96
- SHA256
  
  030df7c77ed4b9249b6ffb7eb72ef139933d22313c7921f87d340d8790f81fbd
- SHA512
  
  1803618e4252b87f0bcf60655a22cd639ad63bce8a93aca297d74ff91bc1f4add078d588c1e078d8c71d9414ab2fd8d3d7417259ce22e9179252a4d7cced6d1b
Score

1^/10
behavioral31

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect Vidar Stealer

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Reads data files stored by FTP clients

Reads user/profile data of web browsers

Unsecured Credentials: Credentials In Files

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31