Resubmissions
  10-11-2024 17:20  241110-vwe3wavjhk  (score 10/10)

General
  Target:  Unlock_Tool.zip
  Size:    49.7MB
  Sample:  241110-vwe3wavjhk
  MD5:     b94ff5c9d88bb94471136eb639a64420
  SHA1:    c2b2053f395f50a82503b084af65e8e803efabc9
  SHA256:  1f7746f66fe34a60c699d206480985db98616fa0c5bb990db70d808efe0ffd22
  SHA512:  cea383399d2d2b94e50e92948faf3d5403100edd76d17b108ba06e7560834cee6d73924df581e47fd8f55b82bff2c45fe2fa2685d64c9ceec28698ae41bb7c96
  SSDEEP:  1572864:6aM2esxP+a3sRkaLwu/0WBJAZ229eBddBe7EDfNMAO:VMna8Pwa0m222Sd26vO
Static task
  static1

Behavioral tasks (task: sample, resource)
  behavioral1:  Unlock_Tool.zip, win7-20240903-en
  behavioral2:  Unlock_Tool.zip, win10v2004-20241007-en
  behavioral3:  Password.txt, win7-20241023-en
  behavioral4:  Password.txt, win10v2004-20241007-en
  behavioral5:  Unlock_Tool_v2.5.6.rar, win7-20240903-en
  behavioral6:  Unlock_Tool_v2.5.6.rar, win10v2004-20241007-en
  behavioral7:  locales/resources/Data/Managed/UnityEngine.LocalizationModule.xml, win7-20240903-en
  behavioral8:  locales/resources/Data/Managed/UnityEngine.LocalizationModule.xml, win10v2004-20241007-en
  behavioral9:  locales/resources/Data/Managed/UnityEngine.Networking.dll, win7-20240708-en
  behavioral10: locales/resources/Data/Managed/UnityEngine.Networking.dll, win10v2004-20241007-en
  behavioral11: locales/resources/Data/Managed/UnityEngine.ParticleSystemModule.xml, win7-20240903-en
  behavioral12: locales/resources/Data/Managed/UnityEngine.ParticleSystemModule.xml, win10v2004-20241007-en
  behavioral13: locales/resources/Data/Managed/UnityEngine.ParticlesLegacyModule.xml, win7-20241010-en
  behavioral14: locales/resources/Data/Managed/UnityEngine.ParticlesLegacyModule.xml, win10v2004-20241007-en
  behavioral15: locales/resources/Data/Managed/UnityEngine.Physics2DModule.xml, win7-20241010-en
  behavioral16: locales/resources/Data/Managed/UnityEngine.Physics2DModule.xml, win10v2004-20241007-en
  behavioral17: locales/resources/Data/Managed/UnityEngine.ProfilerModule.xml, win7-20240903-en
  behavioral18: locales/resources/Data/Managed/UnityEngine.ProfilerModule.xml, win10v2004-20241007-en
  behavioral19: locales/resources/Data/Managed/UnityEngine.SharedInternalsModule.xml, win7-20240903-en
  behavioral20: locales/resources/Data/Managed/UnityEngine.SharedInternalsModule.xml, win10v2004-20241007-en
  behavioral21: locales/resources/Data/Managed/UnityEngine.TextRenderingModule.dll, win7-20240729-en
  behavioral22: locales/resources/Data/Managed/UnityEngine.TextRenderingModule.dll, win10v2004-20241007-en
  behavioral23: locales/resources/Data/Managed/UnityEngine.TextRenderingModule.xml, win7-20240708-en
  behavioral24: locales/resources/Data/Managed/UnityEngine.TextRenderingModule.xml, win10v2004-20241007-en
  behavioral25: locales/resources/Data/Managed/UnityEngine.TilemapModule.dll, win7-20240903-en
  behavioral26: locales/resources/Data/Managed/UnityEngine.TilemapModule.dll, win10v2004-20241007-en
  behavioral27: locales/resources/Data/Managed/UnityEngine.TilemapModule.xml, win7-20241010-en
  behavioral28: locales/resources/Data/Managed/UnityEngine.TilemapModule.xml, win10v2004-20241007-en
  behavioral29: locales/resources/Data/Managed/UnityEngine.Timeline.dll, win7-20240903-en
  behavioral30: locales/resources/Data/Managed/UnityEngine.Timeline.dll, win10v2004-20241007-en
  behavioral31: locales/resources/Data/Managed/UnityEngine.TimelineModule.xml, win7-20240903-en
  behavioral32: locales/resources/Data/Managed/UnityEngine.TimelineModule.xml, win10v2004-20241007-en
Malware Config
  Extracted: vidar
    https://t.me/gos90t
    https://steamcommunity.com/profiles/76561199800374635
    user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Targets

Target: Unlock_Tool.zip
  Size:    49.7MB
  MD5:     b94ff5c9d88bb94471136eb639a64420
  SHA1:    c2b2053f395f50a82503b084af65e8e803efabc9
  SHA256:  1f7746f66fe34a60c699d206480985db98616fa0c5bb990db70d808efe0ffd22
  SHA512:  cea383399d2d2b94e50e92948faf3d5403100edd76d17b108ba06e7560834cee6d73924df581e47fd8f55b82bff2c45fe2fa2685d64c9ceec28698ae41bb7c96
  SSDEEP:  1572864:6aM2esxP+a3sRkaLwu/0WBJAZ229eBddBe7EDfNMAO:VMna8Pwa0m222Sd26vO
  Score:   10/10
  Signatures:
    Detect Vidar Stealer
    Vidar family
    Downloads MZ/PE file
    Uses browser remote debugging: can be used to control the browser and steal sensitive information such as credentials and session cookies.
    Executes dropped EXE
    Loads dropped DLL
    Unsecured Credentials: Credentials In Files: steals credentials from unsecured files.
    Accesses cryptocurrency files/wallets, possible credential harvesting
    Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
    Suspicious use of SetThreadContext
Target: Password.txt
  Size:    94B
  MD5:     40d2bba2661f32bec508886f1d097cef
  SHA1:    006afae44254592c4bf3ff8ab989dcc6c3e535dc
  SHA256:  310fbc255888e9d09afe844b5523cd3377eb8df64c04efe0bbf0f69e26440c8b
  SHA512:  9af0b4b27d6841913dc6e3ed55f685e737d96af67ed142082478ea4353b941eba1f92fd0011fe41877c50c1ba3618db430ac209f5d7c4502b25a99ccb6921fa6
  Score:   1/10

Target: Unlock_Tool_v2.5.6.rar
  Size:    49.7MB
  MD5:     720f68e1a57f1881b0dcbfecdfc0b3bf
  SHA1:    7662d996406bbd32ea2baa20ae469321bc87ee2d
  SHA256:  edf2f2b1325eff120bef7a2414e367cd60efcc8d4256ba884d753cda39b1f381
  SHA512:  9e58a26de7fffe731bba8625529b811475a03b60860e705e4cbb51eb9ba7fa060731e93d8fee271adda12e6d7a370277ede27dd7afaf449f06d99795d3a46cd1
  SSDEEP:  1572864:7aM2esxP+a3sRkaLwu/0WBJAZ229eBddBe7EDfNMAG:eMna8Pwa0m222Sd26vG
  Score:   1/10

Target: locales/resources/Data/Managed/UnityEngine.LocalizationModule.xml
  Size:    175B
  MD5:     55f89dfef83a868ea0daf554e7ce61c2
  SHA1:    29a98142bbafbdc323cb8245330e3dc1374f9687
  SHA256:  cd5367f466cc34c7f33e42ec8a6358e3e4b49439a7f83a7b2f678010a6be911e
  SHA512:  64f2b8198e169ec4f7e221154a928d2ac7d67243aadd983933845df9dc89bda6cfc61a1dcc65e38275890a7662a27bdb224eb11a8abe2e9b6152a346f75ac631
  Score:   3/10

Target: locales/resources/Data/Managed/UnityEngine.Networking.dll
  Size:    250KB
  MD5:     c0f563d141f67d17eb1364bb7e3c2690
  SHA1:    840cd5373b1df73f8bc11736f407485cdc56c41a
  SHA256:  5d44c7bdf640be9cd3139f2d3565a1c652a2e8a7e533540b5ac78718b5a90067
  SHA512:  97e754f8a332f31dc1aa6b501cf358cbaa4f038c50cd3546f416bd10df0c5c922bd91afabf531ac6f9f19f3746ae809cab172d5a901bac1cb4a30aa99c1e1b43
  SSDEEP:  6144:PjKeO0vRwfWPdwRCcAONC8BHrLOKTur+4NgHdVq8k:PZ5RwfWPuTdVq8
  Score:   1/10

Target: locales/resources/Data/Managed/UnityEngine.ParticleSystemModule.xml
  Size:    173KB
  MD5:     9100eb8da440cdc147d3be9277f8ed87
  SHA1:    9108c96467b86728370e269bd24f94019ef64636
  SHA256:  34ed8ef5808dc627117d8aaa5f87a3080e0076704147816cb996d414d83e0802
  SHA512:  c322f2f31a3b66b288471b1c8bc5fe29537cdd1641f9a527af5bff0f420bc30b45512c870eb79acf4e9c942f5bedb5d47637bbb9d30ca745fbbc2d4173248bab
  SSDEEP:  1536:4EuVvVn/v/zgvgxNJlEAudPFlvV18eUI5MQT28GuNHpu6PNVvN:47V/X3NPEfdPFlvV18eUI5MQPPNVV
  Score:   3/10

Target: locales/resources/Data/Managed/UnityEngine.ParticlesLegacyModule.xml
  Size:    1KB
  MD5:     3831b41487474f47bc35614470de3f1d
  SHA1:    673cb82b24ff8ac55a7e2bc108237a8a25e11e1e
  SHA256:  67cc1be67cbea337ff2ac68e2accb14fe6c38a463c2d8480c300597cd3eadcc0
  SHA512:  005172c244213b915852af638211d5e6866dcfeb7af3e15a896c00856495b6caae41533ef49b31896544ae6139eed1a80238fb8f61efbb26ce862937edbf4961
  Score:   3/10

Target: locales/resources/Data/Managed/UnityEngine.Physics2DModule.xml
  Size:    151KB
  MD5:     7285a9d1e53f8f8cf70ae51cf4350700
  SHA1:    2768a50dcf0461b8f109287ed084710c6ccd1561
  SHA256:  81a0af92bd53a273455364dcda76c515ed3c517b320fcd5f06b03424f5ac0cbc
  SHA512:  1dbc3f5ee0053afce9a0260235d4d50d341a44d44be744aa869aa317316d1d12b79179bd7a48e40e34e52f099663242443f7344712eefe03f65e019bf24d5ee7
  SSDEEP:  768:+vz1Y/3k8bH93NWDLLPMQBjYsRbpHujHNwiDTSTd63CLlKjg2wtFwxMft1g3Ho99:Ke5gffegT7
  Score:   3/10

Target: locales/resources/Data/Managed/UnityEngine.ProfilerModule.xml
  Size:    171B
  MD5:     bc29793eb57e5197b4d6f26bb5b72133
  SHA1:    f9405dc331b171093e16bf036bbb4388160caec2
  SHA256:  6295613152162d2f7afee51591c682f5bc539006d4f21ad8ef10654c90c24900
  SHA512:  057f04a5b41bbbf7af8fd093c0399f75ba109c4d8deb34f6fc021ab50b236df6b6b13b3fda4ec390055fb35ff6f29b92c22741436e425eeb7c9f577141f642b7
  Score:   3/10

Target: locales/resources/Data/Managed/UnityEngine.SharedInternalsModule.xml
  Size:    406B
  MD5:     0544603fbb4f68be8210411eddd087d7
  SHA1:    404a5f134d7f2856e0c0e24350084dd025919efd
  SHA256:  b6f04e281e8b98f8df5e2ecdf96e0c1a29632511c7fbc170a36f8071073dc659
  SHA512:  615ddcd4a98eb5d2a7319363d4b09fa79f25a757ba38d44eabfd4d342004fd96e2c70d190b5f600967e273ab20ed627ca5f26e070db517af9302361e9291e513
  Score:   3/10

Target: locales/resources/Data/Managed/UnityEngine.TextRenderingModule.dll
  Size:    23KB
  MD5:     2ad29a9f6f032248ba4beee310a865f8
  SHA1:    884a94d1b20a52cab98ff63842daec1600e37863
  SHA256:  ec4997e24de2f295884d8c3bd2d39bd7221442ef578f94af1157088ac0c055ea
  SHA512:  26962e5c7b0bbf618bbcda36ad260b05dbf0df68e86296c3da12e564b88acc2f437970f466d6d1cd9d78dd4ee45366b42c769503d353f513a460559c1c79105d
  SSDEEP:  384:Agh9vlhW9GyrqVFNBk0jJS00y00LWFHtovYMkd6Pa80zhOyOq9cje:/99s9ZrqVFNB1vWPDgPaR9B
  Score:   1/10

Target: locales/resources/Data/Managed/UnityEngine.TextRenderingModule.xml
  Size:    30KB
  MD5:     eb23085529ea8113afc35eb555ef0358
  SHA1:    9869036f7fbccd3e9cf55d4856658fde995a30f8
  SHA256:  690557ad6037a231bb4e8efbfed72f29a66363b2b24da31e0701c3d9ede2866e
  SHA512:  901334c0b15f1ab3d4a684a114fea5f10670d86967b31c713be3ddb1375891f008d48c2d6bcea8347f50c69ec8dab35853a49e9e565209da44942eef87f8ebce
  SSDEEP:  384:KlO/dHELwsP//Iwe2venYNh0gP4m04mmD+LTP:b9YQ9mZm3L
  Score:   3/10

Target: locales/resources/Data/Managed/UnityEngine.TilemapModule.dll
  Size:    20KB
  MD5:     792c3d16e5ba8bf7d1c78f8f60f398a3
  SHA1:    8ba1eb13c85f058d52e759cecd80baee5892f775
  SHA256:  d76a92fa5fc5a9b627a96ff74dd8fdd5ee22de0ec9bde10be33249578ac7b470
  SHA512:  7c0f448feb62c9049f20a59df294ba865a7d049199498fb39ca3cbce87df5cdf758111934f3c06fe33ae7b48012790b5a88d4cac6093f63d87c32b301b766542
  SSDEEP:  192:AtJErFWLvoqqE6a1KINFYKpSh0Y/RDdzkNt5JdNtju4C6emWqQabtKEXwU/yTKKH:AdOEBRFuflZkXdNAAWqQaP1gxu4cj2d
  Score:   1/10

Target: locales/resources/Data/Managed/UnityEngine.TilemapModule.xml
  Size:    40KB
  MD5:     79fbb3d3b804c26c25aa870bd06b2c1f
  SHA1:    58c1a47955d3254556c58d20e806ac1a805fcdd0
  SHA256:  a54b6e4badada02ea99b9a560dd46b9eedba9d641093574f9fddfab161fa0456
  SHA512:  e8d2ff769c350a109c3e4029aed71f7b30ad4d824d427b0292f44b35730791f165ff6547955a220b68d6aa2b2ad5a6dbcc405d9986b305d68a7125c57c483cb4
  SSDEEP:  768:xkhjCxZU77lGRosoqsX9dE65K6tcluZfJe:+hjCxi5qsNdE65KFIje
  Score:   3/10

Target: locales/resources/Data/Managed/UnityEngine.Timeline.dll
  Size:    92KB
  MD5:     0da819f03bd028d03c3e0dd546c63d0b
  SHA1:    6572139731dafea0f5c85f14fc26767ad66b5b3a
  SHA256:  878b0da56c07d5bcb75fe9f9e58b0d211c026516fd4b33cc8fc797f4e8ce2860
  SHA512:  88503c71251a93af5641a0ee84c36bc53e2b29a0298300a24ed39a3c56354395e0588d42a50757d74001f0d470f3cac0259c800eab114e6af5fe1142c188ce98
  SSDEEP:  1536:nR+buQIn8Wn9XbevHXuq8PURCwznArH0GJyhR1QR6NlpiQzhwh:RuRI8WZKvHJ8PgCVrbJyh+h
  Score:   1/10

Target: locales/resources/Data/Managed/UnityEngine.TimelineModule.xml
  Size:    171B
  MD5:     549492497e200aec7b51948ce3100b19
  SHA1:    e521cce6a52ce975f54b201a652376087e264d96
  SHA256:  030df7c77ed4b9249b6ffb7eb72ef139933d22313c7921f87d340d8790f81fbd
  SHA512:  1803618e4252b87f0bcf60655a22cd639ad63bce8a93aca297d74ff91bc1f4add078d588c1e078d8c71d9414ab2fd8d3d7417259ce22e9179252a4d7cced6d1b
  Score:   3/10
MITRE ATT&CK Enterprise v15 (tactic, technique, count)
  Defense Evasion
    Modify Authentication Process (1)
    Modify Registry (2)
    Subvert Trust Controls (1)
    Install Root Certificate (1)
  Credential Access
    Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
    Modify Authentication Process (1)
    Steal Web Session Cookie (1)
    Unsecured Credentials (4)
    Credentials In Files (4)