General
-
Target
Unlock_Tool_v2.5.6.rar
-
Size
49.7MB
-
Sample
241110-qf96vsxfqd
-
MD5
720f68e1a57f1881b0dcbfecdfc0b3bf
-
SHA1
7662d996406bbd32ea2baa20ae469321bc87ee2d
-
SHA256
edf2f2b1325eff120bef7a2414e367cd60efcc8d4256ba884d753cda39b1f381
-
SHA512
9e58a26de7fffe731bba8625529b811475a03b60860e705e4cbb51eb9ba7fa060731e93d8fee271adda12e6d7a370277ede27dd7afaf449f06d99795d3a46cd1
-
SSDEEP
1572864:7aM2esxP+a3sRkaLwu/0WBJAZ229eBddBe7EDfNMAG:eMna8Pwa0m222Sd26vG
Static task
static1
Behavioral task
behavioral1
Sample
Unlock_Tool_v2.5.6.rar
Resource
win11-20241007-en
Malware Config
Extracted
vidar
https://t.me/gos90t
https://steamcommunity.com/profiles/76561199800374635
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Targets
-
Target
Unlock_Tool_v2.5.6.rar
-
Size
49.7MB
-
MD5
720f68e1a57f1881b0dcbfecdfc0b3bf
-
SHA1
7662d996406bbd32ea2baa20ae469321bc87ee2d
-
SHA256
edf2f2b1325eff120bef7a2414e367cd60efcc8d4256ba884d753cda39b1f381
-
SHA512
9e58a26de7fffe731bba8625529b811475a03b60860e705e4cbb51eb9ba7fa060731e93d8fee271adda12e6d7a370277ede27dd7afaf449f06d99795d3a46cd1
-
SSDEEP
1572864:7aM2esxP+a3sRkaLwu/0WBJAZ229eBddBe7EDfNMAG:eMna8Pwa0m222Sd26vG
-
Detect Vidar Stealer
-
Vidar family
-
Downloads MZ/PE file
-
Uses browser remote debugging
Can be used to control the browser and steal sensitive information such as credentials and session cookies.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Authentication Process (1)
Modify Registry (1)
Pre-OS Boot (1)
Bootkit (1)
Subvert Trust Controls (2)
Install Root Certificate (1)
SIP and Trust Provider Hijacking (1)
Credential Access
Credentials from Password Stores (1)
Credentials from Web Browsers (1)
Modify Authentication Process (1)
Steal Web Session Cookie (1)
Unsecured Credentials (4)
Credentials In Files (4)