General
-
Target
Unlock_Tool.zip
-
Size
49.7MB
-
Sample
241110-lya29svanq
-
MD5
b94ff5c9d88bb94471136eb639a64420
-
SHA1
c2b2053f395f50a82503b084af65e8e803efabc9
-
SHA256
1f7746f66fe34a60c699d206480985db98616fa0c5bb990db70d808efe0ffd22
-
SHA512
cea383399d2d2b94e50e92948faf3d5403100edd76d17b108ba06e7560834cee6d73924df581e47fd8f55b82bff2c45fe2fa2685d64c9ceec28698ae41bb7c96
-
SSDEEP
1572864:6aM2esxP+a3sRkaLwu/0WBJAZ229eBddBe7EDfNMAO:VMna8Pwa0m222Sd26vO
Static task
static1
Behavioral task
behavioral1
Sample
Unlock_Tool_v2.5.6.rar
Resource
win11-20241007-en
Malware Config
Extracted
vidar
https://t.me/gos90t
https://steamcommunity.com/profiles/76561199800374635
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Targets
-
-
Target
Unlock_Tool_v2.5.6.rar
-
Size
49.7MB
-
MD5
720f68e1a57f1881b0dcbfecdfc0b3bf
-
SHA1
7662d996406bbd32ea2baa20ae469321bc87ee2d
-
SHA256
edf2f2b1325eff120bef7a2414e367cd60efcc8d4256ba884d753cda39b1f381
-
SHA512
9e58a26de7fffe731bba8625529b811475a03b60860e705e4cbb51eb9ba7fa060731e93d8fee271adda12e6d7a370277ede27dd7afaf449f06d99795d3a46cd1
-
SSDEEP
1572864:7aM2esxP+a3sRkaLwu/0WBJAZ229eBddBe7EDfNMAG:eMna8Pwa0m222Sd26vG
Score10/10-
Detect Vidar Stealer
-
Vidar family
-
Downloads MZ/PE file
-
Uses browser remote debugging
Can be used control the browser and steal sensitive information such as credentials and session cookies.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Modify Authentication Process
1Steal Web Session Cookie
1Unsecured Credentials
4Credentials In Files
4