Resubmissions

10-11-2024 17:20

241110-vwe3wavjhk

Score
10/10

General

  • Target

    Unlock_Tool.zip

  • Size

    49.7MB

  • Sample

    241110-vwe3wavjhk

  • MD5

    b94ff5c9d88bb94471136eb639a64420

  • SHA1

    c2b2053f395f50a82503b084af65e8e803efabc9

  • SHA256

    1f7746f66fe34a60c699d206480985db98616fa0c5bb990db70d808efe0ffd22

  • SHA512

    cea383399d2d2b94e50e92948faf3d5403100edd76d17b108ba06e7560834cee6d73924df581e47fd8f55b82bff2c45fe2fa2685d64c9ceec28698ae41bb7c96

  • SSDEEP

    1572864:6aM2esxP+a3sRkaLwu/0WBJAZ229eBddBe7EDfNMAO:VMna8Pwa0m222Sd26vO

Malware Config

Extracted

Family

vidar

C2

https://t.me/gos90t

https://steamcommunity.com/profiles/76561199800374635

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Targets

    • Target

      Unlock_Tool.zip

    • Size

      49.7MB

    • MD5

      b94ff5c9d88bb94471136eb639a64420

    • SHA1

      c2b2053f395f50a82503b084af65e8e803efabc9

    • SHA256

      1f7746f66fe34a60c699d206480985db98616fa0c5bb990db70d808efe0ffd22

    • SHA512

      cea383399d2d2b94e50e92948faf3d5403100edd76d17b108ba06e7560834cee6d73924df581e47fd8f55b82bff2c45fe2fa2685d64c9ceec28698ae41bb7c96

    • SSDEEP

      1572864:6aM2esxP+a3sRkaLwu/0WBJAZ229eBddBe7EDfNMAO:VMna8Pwa0m222Sd26vO

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar family

    • Downloads MZ/PE file

    • Uses browser remote debugging

      Can be used to control the browser and steal sensitive information such as credentials and session cookies.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

    • Target

      Password.txt

    • Size

      94B

    • MD5

      40d2bba2661f32bec508886f1d097cef

    • SHA1

      006afae44254592c4bf3ff8ab989dcc6c3e535dc

    • SHA256

      310fbc255888e9d09afe844b5523cd3377eb8df64c04efe0bbf0f69e26440c8b

    • SHA512

      9af0b4b27d6841913dc6e3ed55f685e737d96af67ed142082478ea4353b941eba1f92fd0011fe41877c50c1ba3618db430ac209f5d7c4502b25a99ccb6921fa6

    Score
    1/10
    • Target

      Unlock_Tool_v2.5.6.rar

    • Size

      49.7MB

    • MD5

      720f68e1a57f1881b0dcbfecdfc0b3bf

    • SHA1

      7662d996406bbd32ea2baa20ae469321bc87ee2d

    • SHA256

      edf2f2b1325eff120bef7a2414e367cd60efcc8d4256ba884d753cda39b1f381

    • SHA512

      9e58a26de7fffe731bba8625529b811475a03b60860e705e4cbb51eb9ba7fa060731e93d8fee271adda12e6d7a370277ede27dd7afaf449f06d99795d3a46cd1

    • SSDEEP

      1572864:7aM2esxP+a3sRkaLwu/0WBJAZ229eBddBe7EDfNMAG:eMna8Pwa0m222Sd26vG

    Score
    1/10
    • Target

      locales/resources/Data/Managed/UnityEngine.LocalizationModule.xml

    • Size

      175B

    • MD5

      55f89dfef83a868ea0daf554e7ce61c2

    • SHA1

      29a98142bbafbdc323cb8245330e3dc1374f9687

    • SHA256

      cd5367f466cc34c7f33e42ec8a6358e3e4b49439a7f83a7b2f678010a6be911e

    • SHA512

      64f2b8198e169ec4f7e221154a928d2ac7d67243aadd983933845df9dc89bda6cfc61a1dcc65e38275890a7662a27bdb224eb11a8abe2e9b6152a346f75ac631

    Score
    3/10
    • Target

      locales/resources/Data/Managed/UnityEngine.Networking.dll

    • Size

      250KB

    • MD5

      c0f563d141f67d17eb1364bb7e3c2690

    • SHA1

      840cd5373b1df73f8bc11736f407485cdc56c41a

    • SHA256

      5d44c7bdf640be9cd3139f2d3565a1c652a2e8a7e533540b5ac78718b5a90067

    • SHA512

      97e754f8a332f31dc1aa6b501cf358cbaa4f038c50cd3546f416bd10df0c5c922bd91afabf531ac6f9f19f3746ae809cab172d5a901bac1cb4a30aa99c1e1b43

    • SSDEEP

      6144:PjKeO0vRwfWPdwRCcAONC8BHrLOKTur+4NgHdVq8k:PZ5RwfWPuTdVq8

    Score
    1/10
    • Target

      locales/resources/Data/Managed/UnityEngine.ParticleSystemModule.xml

    • Size

      173KB

    • MD5

      9100eb8da440cdc147d3be9277f8ed87

    • SHA1

      9108c96467b86728370e269bd24f94019ef64636

    • SHA256

      34ed8ef5808dc627117d8aaa5f87a3080e0076704147816cb996d414d83e0802

    • SHA512

      c322f2f31a3b66b288471b1c8bc5fe29537cdd1641f9a527af5bff0f420bc30b45512c870eb79acf4e9c942f5bedb5d47637bbb9d30ca745fbbc2d4173248bab

    • SSDEEP

      1536:4EuVvVn/v/zgvgxNJlEAudPFlvV18eUI5MQT28GuNHpu6PNVvN:47V/X3NPEfdPFlvV18eUI5MQPPNVV

    Score
    3/10
    • Target

      locales/resources/Data/Managed/UnityEngine.ParticlesLegacyModule.xml

    • Size

      1KB

    • MD5

      3831b41487474f47bc35614470de3f1d

    • SHA1

      673cb82b24ff8ac55a7e2bc108237a8a25e11e1e

    • SHA256

      67cc1be67cbea337ff2ac68e2accb14fe6c38a463c2d8480c300597cd3eadcc0

    • SHA512

      005172c244213b915852af638211d5e6866dcfeb7af3e15a896c00856495b6caae41533ef49b31896544ae6139eed1a80238fb8f61efbb26ce862937edbf4961

    Score
    3/10
    • Target

      locales/resources/Data/Managed/UnityEngine.Physics2DModule.xml

    • Size

      151KB

    • MD5

      7285a9d1e53f8f8cf70ae51cf4350700

    • SHA1

      2768a50dcf0461b8f109287ed084710c6ccd1561

    • SHA256

      81a0af92bd53a273455364dcda76c515ed3c517b320fcd5f06b03424f5ac0cbc

    • SHA512

      1dbc3f5ee0053afce9a0260235d4d50d341a44d44be744aa869aa317316d1d12b79179bd7a48e40e34e52f099663242443f7344712eefe03f65e019bf24d5ee7

    • SSDEEP

      768:+vz1Y/3k8bH93NWDLLPMQBjYsRbpHujHNwiDTSTd63CLlKjg2wtFwxMft1g3Ho99:Ke5gffegT7

    Score
    3/10
    • Target

      locales/resources/Data/Managed/UnityEngine.ProfilerModule.xml

    • Size

      171B

    • MD5

      bc29793eb57e5197b4d6f26bb5b72133

    • SHA1

      f9405dc331b171093e16bf036bbb4388160caec2

    • SHA256

      6295613152162d2f7afee51591c682f5bc539006d4f21ad8ef10654c90c24900

    • SHA512

      057f04a5b41bbbf7af8fd093c0399f75ba109c4d8deb34f6fc021ab50b236df6b6b13b3fda4ec390055fb35ff6f29b92c22741436e425eeb7c9f577141f642b7

    Score
    3/10
    • Target

      locales/resources/Data/Managed/UnityEngine.SharedInternalsModule.xml

    • Size

      406B

    • MD5

      0544603fbb4f68be8210411eddd087d7

    • SHA1

      404a5f134d7f2856e0c0e24350084dd025919efd

    • SHA256

      b6f04e281e8b98f8df5e2ecdf96e0c1a29632511c7fbc170a36f8071073dc659

    • SHA512

      615ddcd4a98eb5d2a7319363d4b09fa79f25a757ba38d44eabfd4d342004fd96e2c70d190b5f600967e273ab20ed627ca5f26e070db517af9302361e9291e513

    Score
    3/10
    • Target

      locales/resources/Data/Managed/UnityEngine.TextRenderingModule.dll

    • Size

      23KB

    • MD5

      2ad29a9f6f032248ba4beee310a865f8

    • SHA1

      884a94d1b20a52cab98ff63842daec1600e37863

    • SHA256

      ec4997e24de2f295884d8c3bd2d39bd7221442ef578f94af1157088ac0c055ea

    • SHA512

      26962e5c7b0bbf618bbcda36ad260b05dbf0df68e86296c3da12e564b88acc2f437970f466d6d1cd9d78dd4ee45366b42c769503d353f513a460559c1c79105d

    • SSDEEP

      384:Agh9vlhW9GyrqVFNBk0jJS00y00LWFHtovYMkd6Pa80zhOyOq9cje:/99s9ZrqVFNB1vWPDgPaR9B

    Score
    1/10
    • Target

      locales/resources/Data/Managed/UnityEngine.TextRenderingModule.xml

    • Size

      30KB

    • MD5

      eb23085529ea8113afc35eb555ef0358

    • SHA1

      9869036f7fbccd3e9cf55d4856658fde995a30f8

    • SHA256

      690557ad6037a231bb4e8efbfed72f29a66363b2b24da31e0701c3d9ede2866e

    • SHA512

      901334c0b15f1ab3d4a684a114fea5f10670d86967b31c713be3ddb1375891f008d48c2d6bcea8347f50c69ec8dab35853a49e9e565209da44942eef87f8ebce

    • SSDEEP

      384:KlO/dHELwsP//Iwe2venYNh0gP4m04mmD+LTP:b9YQ9mZm3L

    Score
    3/10
    • Target

      locales/resources/Data/Managed/UnityEngine.TilemapModule.dll

    • Size

      20KB

    • MD5

      792c3d16e5ba8bf7d1c78f8f60f398a3

    • SHA1

      8ba1eb13c85f058d52e759cecd80baee5892f775

    • SHA256

      d76a92fa5fc5a9b627a96ff74dd8fdd5ee22de0ec9bde10be33249578ac7b470

    • SHA512

      7c0f448feb62c9049f20a59df294ba865a7d049199498fb39ca3cbce87df5cdf758111934f3c06fe33ae7b48012790b5a88d4cac6093f63d87c32b301b766542

    • SSDEEP

      192:AtJErFWLvoqqE6a1KINFYKpSh0Y/RDdzkNt5JdNtju4C6emWqQabtKEXwU/yTKKH:AdOEBRFuflZkXdNAAWqQaP1gxu4cj2d

    Score
    1/10
    • Target

      locales/resources/Data/Managed/UnityEngine.TilemapModule.xml

    • Size

      40KB

    • MD5

      79fbb3d3b804c26c25aa870bd06b2c1f

    • SHA1

      58c1a47955d3254556c58d20e806ac1a805fcdd0

    • SHA256

      a54b6e4badada02ea99b9a560dd46b9eedba9d641093574f9fddfab161fa0456

    • SHA512

      e8d2ff769c350a109c3e4029aed71f7b30ad4d824d427b0292f44b35730791f165ff6547955a220b68d6aa2b2ad5a6dbcc405d9986b305d68a7125c57c483cb4

    • SSDEEP

      768:xkhjCxZU77lGRosoqsX9dE65K6tcluZfJe:+hjCxi5qsNdE65KFIje

    Score
    3/10
    • Target

      locales/resources/Data/Managed/UnityEngine.Timeline.dll

    • Size

      92KB

    • MD5

      0da819f03bd028d03c3e0dd546c63d0b

    • SHA1

      6572139731dafea0f5c85f14fc26767ad66b5b3a

    • SHA256

      878b0da56c07d5bcb75fe9f9e58b0d211c026516fd4b33cc8fc797f4e8ce2860

    • SHA512

      88503c71251a93af5641a0ee84c36bc53e2b29a0298300a24ed39a3c56354395e0588d42a50757d74001f0d470f3cac0259c800eab114e6af5fe1142c188ce98

    • SSDEEP

      1536:nR+buQIn8Wn9XbevHXuq8PURCwznArH0GJyhR1QR6NlpiQzhwh:RuRI8WZKvHJ8PgCVrbJyh+h

    Score
    1/10
    • Target

      locales/resources/Data/Managed/UnityEngine.TimelineModule.xml

    • Size

      171B

    • MD5

      549492497e200aec7b51948ce3100b19

    • SHA1

      e521cce6a52ce975f54b201a652376087e264d96

    • SHA256

      030df7c77ed4b9249b6ffb7eb72ef139933d22313c7921f87d340d8790f81fbd

    • SHA512

      1803618e4252b87f0bcf60655a22cd639ad63bce8a93aca297d74ff91bc1f4add078d588c1e078d8c71d9414ab2fd8d3d7417259ce22e9179252a4d7cced6d1b

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

vidar credential_access discovery spyware stealer
Score
10/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

discovery
Score
3/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

discovery
Score
3/10

behavioral12

Score
1/10

behavioral13

discovery
Score
3/10

behavioral14

Score
1/10

behavioral15

discovery
Score
3/10

behavioral16

Score
1/10

behavioral17

discovery
Score
3/10

behavioral18

Score
1/10

behavioral19

discovery
Score
3/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

discovery
Score
3/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

discovery
Score
3/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

discovery
Score
3/10

behavioral32

Score
1/10