General

  • Target

    Unlock_Tool.zip

  • Size

    49.7MB

  • Sample

    241110-jacj3ssdlr

  • MD5

    b94ff5c9d88bb94471136eb639a64420

  • SHA1

    c2b2053f395f50a82503b084af65e8e803efabc9

  • SHA256

    1f7746f66fe34a60c699d206480985db98616fa0c5bb990db70d808efe0ffd22

  • SHA512

    cea383399d2d2b94e50e92948faf3d5403100edd76d17b108ba06e7560834cee6d73924df581e47fd8f55b82bff2c45fe2fa2685d64c9ceec28698ae41bb7c96

  • SSDEEP

    1572864:6aM2esxP+a3sRkaLwu/0WBJAZ229eBddBe7EDfNMAO:VMna8Pwa0m222Sd26vO

Malware Config

Extracted

Family

vidar

C2

https://t.me/gos90t

https://steamcommunity.com/profiles/76561199800374635

Attributes

  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Targets

    • Target

      Croatian.ini

    • Size

      105KB

    • MD5

      8477123868f12632d652c6da5df683c2

    • SHA1

      23dbeba17e366e1bb5e7d7be156a9be309c9555d

    • SHA256

      5bf2b70edb78073f3ce4fe6d809a3a25c982cb2840b8ebaf4367ebc42f16bd3e

    • SHA512

      b785f8d680f22211c01cfa59cdf86f1bfdeca0446c1c26fc2c144e3018773d22e4050c95cd513d60df9b226df31dc504b5059db168977b3949dbcc428a7ff30d

    • SSDEEP

      768:w0VnpiuM0pY1HIlw1VoIGRweBLUab7Fno8wBtA1yR4IY52t9RM8wE4c+Tyb3TRr2:VdpiuM0pY1olaEZLUYg4c+7wvO60ll

    Score
    3/10
    • Target

      Readme.txt

    • Size

      105B

    • MD5

      dc725c7d51887c1b081bca0d6a7571fa

    • SHA1

      88134d6eccf7b128d20d6c77973e708b78df675f

    • SHA256

      365e3615f862ac76420f2aa4665be1960f354d01a4715f2c70218a5f80b27cc8

    • SHA512

      26ae4bb368c69167334722841af8d62e3b3965cc6d25efa683df58857d7a03de10de37c4f22205eadb826f504cc7ffe81337b6f5f958925d84be4920a163f7b5

    Score
    3/10
    • Target

      Unlock_Tool_v2.5.6.exe

    • Size

      1.1MB

    • MD5

      b067c29195a13494802f2eab3a9106d3

    • SHA1

      adca61f35491b5eb7d85daaa917f96d666e9d612

    • SHA256

      40592e02eec664b6c7358d2c44eaf1b019ff171755a9b824f0cf180e4f4251c9

    • SHA512

      5c49e56265ce8df8b89b783d8d1e5468abf50348376fabe290e00d766c9e1d72f05c46b78fec6506f3e55ebe7f19b3afe8381cf91de036aa200f124f9eb902ea

    • SSDEEP

      24576:YwpOrt477q5ltoeMyOxVBQAFMs0Se2gcxKXLMA1n7g0tuTgC46Wwr7v:YwP7mleBxVBQAF10l2gcxK72gd3u

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar family

    • Downloads MZ/PE file

    • Uses browser remote debugging

      Can be used to control the browser and steal sensitive information such as credentials and session cookies.

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from insecurely stored files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

    • Target

      langs/H_Hayat_x64.dll

    • Size

      111KB

    • MD5

      1f39f078d03461a104336c68c8927505

    • SHA1

      d54117a64c1d69399c2b978804971b2819ffeb8e

    • SHA256

      5ed02b75802ee6bba47dd1c0064732329f98c0a3dce76ae4317bf398d5122f44

    • SHA512

      f94797dbebbaa73310253ae3e573c6aa06717a9f832281363f6ac5dce47c2a6311eeb83bcf98db85f0c7205f6039196f575f61a9d6a3ed7ddba48bc2f5f1b725

    • SSDEEP

      3072:Z0MRxLQXSljMSGVUjSFgWvNdta5PCpBXgiMtISY1ViH4X:BkSlITUjSFg/Pgp1XX

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Target

      langs/Qt5GuiVBox.dll

    • Size

      6.5MB

    • MD5

      fdb292453760d9bc3cdd0b54013c6a99

    • SHA1

      30d27da6ec867ed2b8a53384ac947b812d9d7cbd

    • SHA256

      86f6a04fe611ca402d3c4841561f5b396ce61f0212bb6da58c7274532e2cfd14

    • SHA512

      eca792cc814c0d072ecb866da4a5ac41629758c91faac4cf3f5947191899919c72a1462ce97bc49382afef44780302f7ac3fb2052cfe0cdc8d2a3f390a870c66

    • SSDEEP

      49152:onEioloxnujFw81clK7uqtfMxzWHIbi/CCwjxpE4RFzwToN2BM7PV1HbSTiBAym2:OEiEZEqeHX/RFKociJYtl8vsOM04bm

    Score
    1/10
    • Target

      langs/Security-Common.dll

    • Size

      1.2MB

    • MD5

      c5c4d6351af07abbaece1a4aa03c21fc

    • SHA1

      0c08ff968aa41a5cc5ac5c70bc98448d8a7d9b2e

    • SHA256

      3054976f132dda71b964b9303757078bfb75e94f19a2d2100180b86a8263384c

    • SHA512

      6283ddb41619cca6ce6389896b045307feb3051c9e0065fc0f68c02e9e88007e4b8e967afbb873cbc02682eca76988aeba5defc9cd696ea58daa3984b1ba0238

    • SSDEEP

      12288:c2SL/WMO8k65sFAkOLCjpN/BYP2jJHs9T/+WWUOOnDPgXz3On6LXfu0ztGtdBBEE:ch7dk65IDBFO9T/dnDPV51X

    Score
    1/10
    • Target

      langs/VBoxClient-x86.dll

    • Size

      669KB

    • MD5

      8499bcb782e639b57abb8b503d410eb8

    • SHA1

      a4e3363a30c02fe999eedfed50a8dd200f4c46c9

    • SHA256

      84b47308abc293515fa8b682d7ede3a53fed426a7073cfec466bcde681da715f

    • SHA512

      344132b5148ce38174230efb51b0aaa85709bbe2f34c09ff47e9390324ee1139423717cc461e7f276db80fcb86a0509ca92cd84a18b7657d3da65c8fe427fc39

    • SSDEEP

      12288:BfWBgRdNVSnkjiLSRHhWsfl4GhW0TAZoq:BfWBgRdNUnkHWsfl4Gg0ED

    Score
    3/10
    • Target

      langs/VBoxProxyStub-x86.dll

    • Size

      666KB

    • MD5

      6d3c7d2e108cbb7b5389f51ff68bcb9a

    • SHA1

      e47006dbd81b0ad005dfe95339bb54ac59b20f47

    • SHA256

      53ed3512437fbeb4277c24790ce67db048f81b60c3669765541495ef88056b88

    • SHA512

      0b69c294c32beff25e91ccfc5fd3b26ff76e8a92b81b3f69fc0065ae6c8d8a676039303cc5195bff1d71735a1af97f920ed1a9911bcbcd27a7532f7539605fdf

    • SSDEEP

      6144:HzhEDInt1CqI2HVP5CkxQ+1QYCQkdJvdkjiLSRen4QI2QjWsfl4GZrWJ6TPRcoLZ:H1EPCSnkjiLSRHhWsfl4GhW0T+eZ

    Score
    3/10
    • Target

      langs/winmm.dll

    • Size

      4.0MB

    • MD5

      11f756e2fa97d0fb46c2875b11dfde52

    • SHA1

      e0301b76305ae22fbcb043a85871d2f7604c35ac

    • SHA256

      3c0bd30009f4c97bb96742dbb873efc062a111bf6f4a39b808471310628bb42d

    • SHA512

      b9a1c54225871089ae13a87da0e5e3e6f58be054dc2a9018a070e9b950e69abe97dca512d1258c94827b2e192bb6f5dbb1684219247604cd9fa94bf167bc2ca3

    • SSDEEP

      98304:NJ06y8mfFEHhjaZ1m4OiPUDx9oEZmEu/5mGFY/3FP8:zKtIhjq1m4HPUDrEX/Q1/3+

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      lesseeVariant/modules.dll

    • Size

      907KB

    • MD5

      dc05f0b8f1a32e872721d3486e6332b8

    • SHA1

      dbf055b0f934640fadcfaa93971fead8df7a3869

    • SHA256

      37ec5f998a5c376d4fcd4342b43a4163d1f043e0f7711e46677cd30013882723

    • SHA512

      0f89d713237ef11a1ef8d824ad9767bb13fb4f5f334acdd65af0ba6e54cec4a910398636683254b3fe4d46a069a1781187313684ff827a907b8b968134f6efa0

    • SSDEEP

      24576:z0OY4ZFajHYDTR2yfVbf+c6Z5WODYsHh6g3P0zAk75:z0CZFaj4HR2yfVbd6Z5WODYsHh6g3P03

    Score
    1/10
    • Target

      lesseeVariant/scavageSextos/muncher.xml

    • Size

      72KB

    • MD5

      a57066ca589a62d0b64f3de21ced7c4d

    • SHA1

      aa132ad7ef5b9e8ba34e406e08c59a79eae4bcc5

    • SHA256

      9d7262468fc228355e1c5cc403ebc4265cdd1af71741c9241ce22c371c8b2cad

    • SHA512

      f6648a1f23b2a4558f5cea3e5a80999bbcd0ea5a39e2af3ca8e25b01f0df05268859fec20c72e8caf8666b91c5fb681ae47174d490513673da51b0012a08ad6a

    • SSDEEP

      1536:8Xk1VJPp62bTFKMM3gir3SoyE1ruuIbjulkAifuTY:8XQfPEiT0Marhr1ruBj6kxuTY

    Score
    1/10
    • Target

      lesseeVariant/scavageSextos/raphanyNoveletCreatin/becivetLadakhiUncloud.xml

    • Size

      68KB

    • MD5

      fd9b1827a875fac623a9ac397efd2373

    • SHA1

      4f8b83c8a94c24099f788965424baaa4f89ac330

    • SHA256

      f71244dda7ebba392aba8b65dd4f7f919bc1fb15a0551b2e0ee26a644c413afa

    • SHA512

      bfd078002624d52f195e4ac55a95f8ebabc978bc573b027c6d2d047a44d1b87470edcdd2b8a7abf4de50effb4d9a12b18cdbe526f72cf2d149ff8dcdac239946

    • SSDEEP

      1536:oVlsnyEXyUrFB4ip61lLn57usUEh86WxnZmrwC7U5:oAnyEXyuYipilLnJusUdfnZcwC7U5

    Score
    1/10
    • Target

      locales/resources/Data/Managed/UnityEngine.AIModule.xml

    • Size

      78KB

    • MD5

      ab129fa4d0a2e273c965b3555797e15c

    • SHA1

      6b02a5532b9c5910ddb653649482102223df70fd

    • SHA256

      b4739b823bb5e399271f449b5f960ba6217ca8727ee5cd995752b411286d42c0

    • SHA512

      5b6e018394d139c6f64abbae8e6cf4529ea23632f3454995b3716e2ff1c3998665a05a834a7d7c9893c4c92b988dc2b25e3f8d2d361b9c7bf0f055dfa5c44f2d

    • SSDEEP

      768:xFOQWFcCaa7AgLrC8NWs2fMdo2Ajd5Ne4qlSu5OOZDQc0bItVBaBEGPa6//H:yQFq7Nu2Ajd5NeIOZkc0bIOH

    Score
    1/10
    • Target

      locales/resources/Data/Managed/UnityEngine.ARModule.xml

    • Size

      2KB

    • MD5

      5d1c9e3e706c5bea31fa40aedbf50529

    • SHA1

      6978d0063822e3af21de70d36ce3b5c110c2b6c4

    • SHA256

      87154021308c172fab924032bde59964abd961bea2f2d2146ba52adc1b31b4bf

    • SHA512

      8fbad4241396cbbed421e5d9bda4d4f6fa475632363e46f766cbed0eb97c7390503a7e5ad82d74ed01a7674d220605be208f1f63d1b57cd9238924dd1421cf6e

    Score
    1/10
    • Target

      locales/resources/Data/Managed/UnityEngine.AccessibilityModule.xml

    • Size

      1KB

    • MD5

      a35a08dd53944ed62dd0924e898b6e17

    • SHA1

      4a67a771417d2514a0c5dc54c5f34a50019479bb

    • SHA256

      513410936cda036e9e9d79fb1b06ffaac2c426f36df33a993cd490e4c704260a

    • SHA512

      b5e0cb7e543460184e70389ebb9c3255e7a3896e35cdd98ae6a239bc86add5b1426b99c24b0d3f04c87e939e5205750b3ac6db3eec9bb701e3b2699a0f8be481

    Score
    1/10
    • Target

      locales/resources/Data/Managed/UnityEngine.AnimationModule.xml

    • Size

      209KB

    • MD5

      2f2e21e4f4ecd9c21c1e118f88939625

    • SHA1

      ade938b063ef9dd51a895a413e12a2660c0737e8

    • SHA256

      5eec8b00cd98c832368d8028b400ad454e232c3cdd51a195ffab52374fb40026

    • SHA512

      13551fd75e5d539d183c9f28ccf614f0fa6f4fbed04b78ade1bbe2403683e699b19e1d92631f4efe9625623e45bc138cb3521f2749700159eaaab83b29fb64db

    • SSDEEP

      6144:2RSeNpGG3+3E52NMPZwXRwfcwOZJe+OFa3Fftw4TGiN8+x:2YHR

    Score
    1/10
    • Target

      locales/resources/Data/Managed/UnityEngine.AssetBundleModule.xml

    • Size

      14KB

    • MD5

      6c183af7ed14091d34816fad859b43ce

    • SHA1

      9e96e7668425f660ba4896a7a400a5bdd6322de1

    • SHA256

      423d1cdd09ebea909a2bb618cfe5141ec682ba99af93996e64cc3fe8463298e9

    • SHA512

      ef19c7ef85930bc8af51158a773f0987518eb8f882068f73cebb40aade8fb54af2dc335cec6062cdd4f4dcee52f441556a0d6da59efea93184380daca8215fd7

    • SSDEEP

      192:n8/y0/GNE+8dLawoB2MoV6hRw9EXj9EXSD9Eg99dM99hR9YUcR9TyVU3rSTtn:ny9Ez9EI9Eg99W99hR9OR9BrSTtn

    Score
    1/10
    • Target

      locales/resources/Data/Managed/UnityEngine.AudioModule.xml

    • Size

      87KB

    • MD5

      3e5be0e356a08388e457c076f1167182

    • SHA1

      33ab8625d0c65c9e7aa79aa324da28c0265d2275

    • SHA256

      d37f2491407c367ebdb8715589b19fb5f6d5e7e1dc9c3faf60cd1c7fa791a4ea

    • SHA512

      9a09b25be789773858c32b3c76a6774c2247a94c32c83672f66a53a005f284ecc3804512ca15831a11436bad9f18e5aa22275b715a6a9214c6493e50bca374c3

    • SSDEEP

      1536:qoFP6UotADx3FIuc7gx61A1s1i1s1C0+0m0QlA1lkKYZf:qoFP6UotAF3Tc7j1lkKYZf

    Score
    1/10
    • Target

      locales/resources/Data/Managed/UnityEngine.BaselibModule.xml

    • Size

      382B

    • MD5

      692edc9bea831f3cc5f5734e3fdfee65

    • SHA1

      ce37da517b86b91b2cf33227f2021f58f80bd660

    • SHA256

      7c7db59b38006ec8662677fa7e992eccb9d4088603ec23a8754e10ecaa61aea9

    • SHA512

      215260c23a0f5d93d1124763b81fa43bfc5999b8f9110c0db2782dd08042b4cfd49d2fbaf9c67df97a1b355e276328745d36067f023ff5f759946ef0309c0a96

    Score
    1/10
    • Target

      locales/resources/Data/Managed/UnityEngine.IMGUIModule.xml

    • Size

      283KB

    • MD5

      f1b9be29373c77e60b8113ab52412ad6

    • SHA1

      22c6d76ef4957a72d4400fb85e628901646259ae

    • SHA256

      2a07c70f84c51519799579d61836df06c694c2ed745a1dc1eee8e2cbf26e89ca

    • SHA512

      abe8f27328d7256489dffa969415174864aa133aef0e5d82ff3ba6a7ac613e5db2a7bf861e3f92635cf650ad6fd846bcf9eae0aa642e4f8e4bd06e1460fb5209

    • SSDEEP

      1536:GsH0404LEQ+rBPDN8HzDREm1ZbAMG4pG4AG4EG42G4pG41HnN+IH0D5euGrTXHcR:h040XPDN8HzDREm1ZbApHnN+QU

    Score
    1/10
    • Target

      locales/x86/ACE.dll

    • Size

      1.1MB

    • MD5

      d0ae82cdf9911bec3eddda128602af04

    • SHA1

      58e167521f2b028d03aeb6c926d34c2c969fa9c6

    • SHA256

      f9675304d13efaee32e6b4a3317b64231a59b684532a898d12b4e7ed88518afd

    • SHA512

      c1520462a8e02ab09e2a101207e88cf6861b48c32b7c2523047251496479740a84987fb19aba4dc8610abe2c81e5f7dbc80c51b8667f4953e17dda583d27557d

    • SSDEEP

      24576:tmGLzPLOXbuKR17zBXE+MXRHRg2yTEg863NzSxoopoo+F:v3jOyY7zB0+MXRHRg2iBrdzSqF

    Score
    3/10
    • Target

      locales/x86/AGM.dll

    • Size

      5.8MB

    • MD5

      b39b8d45413692ff856e9ba907256c2f

    • SHA1

      ab06b594a57b8bbe0f4c4ba80a12129953521667

    • SHA256

      ee32f4cbba3a601d57064695a8ed5955e1b9af984110d34504b8d5ebb132c084

    • SHA512

      1dcc8bbbc55ac27b0a0b96e28de73338b972e2998bc9c33439c32b721de811b2c9ecf6d7953dfbdfadcbcc0c64f56871d09ae953a449c516578e9e8b3e1df661

    • SSDEEP

      98304:lUpuc5sPE5fMZywrovF+rMnV17FVgvhiWaOuBue5SlIN:cuMCEZ3wrovF+a5Z

    Score
    3/10
    • Target

      locales/x86/AIDE.dll

    • Size

      2.0MB

    • MD5

      ad388ce4c2cc3aaff605994da782d57e

    • SHA1

      f43c3f588c77a34e8b81b63247ac1d7657016050

    • SHA256

      d3ba1adbfeef8f19e4aa570299c06d39a87dfc5fe3d85946270b722e44dacda7

    • SHA512

      f8e8f0fc5d8e01f8afe1aac55d3a301fa0019c6e80099616abf5a41c09aeabd0294e4391ddac170c2cd5bcff0b9e9cb4b559a2eca50a273e398083542065e27b

    • SSDEEP

      49152:h50rEANbHm4w0H5QZXjr/nZA9XANcZ4T5lQ:b0rEcbG4w0H5QZTrnZEmlu

    Score
    3/10
    • Target

      locales/x86/AdobeXMP.dll

    • Size

      887KB

    • MD5

      7c3033588c1a187918cf3fd246069a3f

    • SHA1

      2b637a9d37de604ae8e98fcbc73746ccc0402b31

    • SHA256

      e958f4ed8272a96e599ff9f0a79331e7b5109104a9d20d3f760c7eb162daf7e0

    • SHA512

      80d513d25477081c84af87e8127a02bb332204ad7399ac653a27ca726e446fd25518d36189bf90b10cbf34119d35501e006a2e06dbca5a96dc2348aff6b6fe91

    • SSDEEP

      24576:7CaZsdfNjJaN0OdQfLCKVkDavzVi5p5bafAAy4:7ZspNQVQdkahi5zaf5R

    Score
    3/10
    • Target

      locales/x86/BIB.dll

    • Size

      119KB

    • MD5

      404de37b800b661ebfaa218b20c8c0c6

    • SHA1

      2a2416b663ee9d9ec6325d2c70bf05be27a73eac

    • SHA256

      ca53407b356fcdea51a6d536447ed6b88ad14c87facf421080d141cae837eedc

    • SHA512

      e6d66bcb0da4ca5456dab376385c73a918fc13c4b0ab9a05d2324dbb7a9fcf197d727acfbedb15e55452b916c9afde0ed01b233868a88ae0f34ee01306289430

    • SSDEEP

      3072:x9mmiJ1WvqJ7fW7n/WY0EZrZsibdumKr9igRsNpKN02+OzHwn:TkaqJi7M0dO

    Score
    3/10
    • Target

      locales/x86/CoolType.dll

    • Size

      3.2MB

    • MD5

      6fb9f15b6a1dd1ee9cdb9b4ef290d69e

    • SHA1

      c5955655e9b96004a72bbb09aa72996f3ddaa539

    • SHA256

      d4a0db913fa555808ce627114fe6e2725970499c70364edbedf47d907d52242d

    • SHA512

      24be26d2e0dc3e05f786ce3eee815247261fe99e1bff08e689d71bf68e7d5340e942aaaefd9203569f63c23a5f5cb46c1ff6a2d91f2753fd6d78240fffa7beed

    • SSDEEP

      49152:37sVoVC47fsPVTs57ovd2MMg6NYpnd3EQUyfha+P/u6LSXvowU7u9qRXApP4Cqrt:37RCwfsdTk+dlb73ELyfhlf9K4Cqi3

    Score
    3/10
    • Target

      locales/x86/JP2KLib.dll

    • Size

      508KB

    • MD5

      73c0da5c825e3a2275dbef4f8dae0813

    • SHA1

      6f6191867fddf3c284066dd855512198c509d64c

    • SHA256

      979851cac4a2a0e394f06ca7139d7402911048b094f550dd9b33d1203ae92862

    • SHA512

      aa01cba77cf94d3a4c66ac7169414d4d7f91d8965d312bb46430b766affe0ff93c241a84ad9e1796c08c28fcbc613c9d98cde37b2b4914e801abff6c638a111b

    • SSDEEP

      12288:tskp3VH/G2LrUUIGVC3hCDfF5AzO5qkkZalIf+AGzVYu5uRcyef0njWcArh45j:tsK3VH/dlIGAGzqu07ef0qO

    Score
    3/10
    • Target

      locales/x86/app.dll

    • Size

      121KB

    • MD5

      768a1c4e4fc28a2c8addd11e70f824a4

    • SHA1

      b7ed732e19a37fe248d0d7934ceb9944f4e5bcad

    • SHA256

      f1d56cdfc9c7761b3fd1cd7dc9dd98c6c0494fc525d970c4d8df1e1b32ccc9be

    • SHA512

      4582b50a063f2507fec67ca7749b3405e2f60692094aa510a9bb8778d0ef2b156f6c9837e79dc2a41cf03e92caac721d5052319a96aee184a3db465aa053d5fe

    • SSDEEP

      3072:6Ep7lUDfjvMyJfZOG6p/VtW+AtpFrpqpqpvKINZ4F49Sp6gxy:6EXUDfjvpBqttg/93

    Score
    1/10
    • Target

      locales/x86/ccme_ecc.dll

    • Size

      548KB

    • MD5

      19f2641706952f221d5f1066d064db4d

    • SHA1

      84bf37c1bd5cb3f35cd2aa934cd9c17cb2690282

    • SHA256

      cd87094bdb78dbff8a593bef3952495414b2256eb75ac2d466da276d17e8bd9f

    • SHA512

      155a8d9fe2fe238cbc341cb0f088b5be0b58bc2f0ab70eae488972c0e8cd0e16ae3afef64ab96e0c63f14ac53b2ab167f906e2b94bec7ba87b494121edf5ed67

    • SSDEEP

      6144:Ra3lDLZaFal9tiA1GzrTJdln27EEvdABkVJAOlRs5DIcxkjSuo64hTQ0IL0QpC7K:RUlD9aFal94PDlGuBk3Js5DIqjv

    Score
    1/10
    • Target

      locales/x86/configs.dll

    • Size

      471KB

    • MD5

      ee220e800cb5af38e60f26b51999b105

    • SHA1

      194c0891d7a9cec5fd8f4af5e9dd9ef28a967053

    • SHA256

      08430abbc4eabd0615f42286038bac373f24ac8fe1117b2e304428bab7e143fd

    • SHA512

      b776e9457f5ccf367aecf0816152602c5bfc206322d7e1134a2fd23673d51c4427a4b54fe35f4079c6470c06d2bfadd2b1ef5541dde7ea1f17be842d184978a8

    • SSDEEP

      6144:/KK400WTwtX+fGPufBERUtk+Q4kiwoF0YG+L2Wf/xLu6:/5fiufqeBEHgGpY2Wf/dL

    Score
    1/10
    • Target

      locales/x86/icucnv67.dll

    • Size

      15KB

    • MD5

      c89f7b63c258a2d8b68a4bdaf5bbb2d4

    • SHA1

      b1181f70adef2cfc1b884aa4a895984843ca326c

    • SHA256

      ee7e175ca56e43932878a617e3a1ac3c005e33ad6964277fea811417ca10d2f2

    • SHA512

      39ca6c5ad801795bbaafe1c85719afdd7ced663ac2fb6530130797a40cd4ed7047d33292c5b41601408488cb5ed4926f9e0744d158a44b128bf517e0562d6e47

    • SSDEEP

      192:+0NMi7v56dIYiYF8rVs9+qARHk/2WJfsHR9y2sE9jBFL2UzZ9O:+06iuIYiI9yHk/24i/8E9VFL2Ut9

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      locales/x86/icudt67.dll

    • Size

      15KB

    • MD5

      d73b8ebe06c05cddad49297f668b481e

    • SHA1

      44b139944043d4c4c5a33e1782cd8256f3fa70aa

    • SHA256

      6bb13375779535aa693f51038540381efba654676b1471a10b61c5ad616fb81e

    • SHA512

      8dfe75a0219fa67803da33adea82f6e08fd568c938adad3174f9248f060306e4725852282538691a22fff29a9cd50af66c9d884c94f15c9ed392b9f3048844d6

    • SSDEEP

      192:NFNMi7v56OIYiYF8rVs9+qARrk3WJfsHR9y2sE9jBFL2UzZQp:NF6idIYiI9yrk34i/8E9VFL2UtQ

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
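
The behavioural signatures above (browser remote debugging, Uninstall-key enumeration, FileZilla and browser profile reads, the COM hijack flagged on langs/H_Hayat_x64.dll) and the extracted config (Telegram and Steam dead-drop URLs, a macOS Safari User-Agent that a Windows host has no business sending) only become a confident verdict in combination: installers read the Uninstall key, developers start Chrome with a remote-debugging port, and people browse t.me. The correlation rule below is an added example, not part of the sandbox report, and runs over constructed Sysmon-style event records rather than telemetry from this run. The wallet directory names and the all-zero CLSID are placeholders; the FileZilla, Chromium and Firefox file names are the real on-disk names.

```python
"""Correlate the Vidar behaviours listed in the report over process-tree roots."""
import re
from collections import defaultdict

# Indicators lifted from the report's "Malware Config" section.
DEAD_DROP_HOSTS = {"t.me", "steamcommunity.com"}                 # extracted C2 locations
MAC_UA = re.compile(r"\(Macintosh; Intel Mac OS X [0-9_]+\)")    # extracted hard-coded UA

# Behavioural signatures, as the report names them.
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)
COM_INPROC_KEY = re.compile(r"^HKCU\\Software\\Classes\\CLSID\\\{[0-9A-F-]+\}\\(InprocServer32|LocalServer32)", re.I)
REMOTE_DEBUG = re.compile(r"--remote-debugging-(port|pipe)\b", re.I)
FTP_CLIENT_FILES = re.compile(r"\\FileZilla\\(sitemanager|recentservers)\.xml$", re.I)
BROWSER_PROFILE_FILES = re.compile(r"\\(Login Data|Cookies|Web Data|key4\.db|logins\.json)$", re.I)
WALLET_PATHS = re.compile(r"\\(Exodus|Electrum|Bitcoin|Ethereum|Atomic)\\", re.I)  # assumption: common wallet folders

# Noisy behaviours score low; no single indicator reaches the malicious threshold alone.
WEIGHTS = {
    "c2_dead_drop_host": 4,
    "uses_browser_remote_debugging": 3,
    "com_hijack_persistence": 3,
    "non_windows_user_agent": 2,
    "reads_ftp_client_data": 2,
    "reads_browser_profile_data": 2,
    "accesses_crypto_wallets": 2,
    "enumerates_installed_software": 1,
}
MALICIOUS, SUSPICIOUS = 7, 3

VIDAR_UA = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 "
            "(KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6")

# Constructed events mirroring the report's signatures for the .exe target, plus benign noise.
SAMPLE_EVENTS = [
    {"type": "process", "pid": 4100, "image": r"C:\Users\alice\Desktop\Unlock_Tool_v2.5.6.exe", "cmdline": "Unlock_Tool_v2.5.6.exe"},
    {"type": "registry", "pid": 4100, "op": "read", "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"type": "file", "pid": 4100, "path": r"C:\Users\alice\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"type": "file", "pid": 4100, "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "process", "pid": 4120, "ppid": 4100, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": r'chrome.exe --headless --remote-debugging-port=9222 --user-data-dir="C:\Users\alice\AppData\Local\Google\Chrome\User Data"'},
    {"type": "network", "pid": 4100, "host": "t.me", "url": "https://t.me/gos90t", "user_agent": VIDAR_UA},
    {"type": "registry", "pid": 4100, "op": "write",  # placeholder CLSID, constructed
     "key": r"HKCU\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32"},
    {"type": "registry", "pid": 5000, "op": "read", "key": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SomeApp"},
    {"type": "process", "pid": 5100, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": "chrome.exe --remote-debugging-port=9222"},
]


def indicators_for(event):
    """Indicator names a single event triggers (empty set if none)."""
    hits, kind = set(), event["type"]
    if kind == "process":
        if REMOTE_DEBUG.search(event.get("cmdline", "")):
            hits.add("uses_browser_remote_debugging")
    elif kind == "registry":
        key = event.get("key", "")
        if event.get("op") == "read" and UNINSTALL_KEY.search(key):
            hits.add("enumerates_installed_software")
        if event.get("op") == "write" and COM_INPROC_KEY.search(key):
            hits.add("com_hijack_persistence")
    elif kind == "file":
        path = event.get("path", "")
        if FTP_CLIENT_FILES.search(path):
            hits.add("reads_ftp_client_data")
        if BROWSER_PROFILE_FILES.search(path):
            hits.add("reads_browser_profile_data")
        if WALLET_PATHS.search(path):
            hits.add("accesses_crypto_wallets")
    elif kind == "network":
        if event.get("host", "").lower() in DEAD_DROP_HOSTS:
            hits.add("c2_dead_drop_host")
        if MAC_UA.search(event.get("user_agent", "")):
            hits.add("non_windows_user_agent")
    return hits


def correlate(events):
    """Fold each event's indicators onto the root of its process tree.

    Returns {root_pid: (score, sorted indicator names)} for roots with hits, so the
    browser a stealer spawns for remote debugging counts against the stealer, not chrome.exe.
    """
    parent = {e["pid"]: e["ppid"] for e in events if e["type"] == "process" and "ppid" in e}

    def root(pid):
        seen = set()
        while pid in parent and pid not in seen:
            seen.add(pid)
            pid = parent[pid]
        return pid

    hits = defaultdict(set)
    for e in events:
        hits[root(e["pid"])] |= indicators_for(e)
    return {pid: (sum(WEIGHTS[i] for i in ind), sorted(ind)) for pid, ind in hits.items() if ind}


def verdict(score):
    return "malicious" if score >= MALICIOUS else "suspicious" if score >= SUSPICIOUS else "benign"


if __name__ == "__main__":
    for pid, (score, ind) in sorted(correlate(SAMPLE_EVENTS).items()):
        print(f"pid {pid}: {verdict(score)} (score {score}): {', '.join(ind)}")
```

On the constructed data the Unlock_Tool process accumulates every indicator (the remote-debugging Chrome child is attributed to it via ppid) and is flagged malicious, the developer's Chrome with a debugging port lands on suspicious, and the installer reading the Uninstall key stays benign. The thresholds are a starting point to tune against your own baseline; the point is that the dead-drop hosts are legitimate services and must never be blocked or alerted on in isolation.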

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

Score
3/10

behavioral2

Score
3/10

behavioral3

vidar credential_access discovery spyware stealer
Score
10/10

behavioral4

persistence privilege_escalation
Score
7/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

Score
5/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10

behavioral23

discovery
Score
3/10

behavioral24

discovery
Score
3/10

behavioral25

discovery
Score
3/10

behavioral26

discovery
Score
3/10

behavioral27

discovery
Score
3/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

persistence privilege_escalation
Score
6/10

behavioral32

persistence privilege_escalation
Score
6/10