General

  • Target

    Unlock_Tool.zip

  • Size

    49.4MB

  • Sample

    241114-2emjysvakh

  • MD5

    c97087524507b9008457ab7897888594

  • SHA1

    24c40594b212e722c2a5c002468dc431b02e1d32

  • SHA256

    726bea2f32c83d55448328b564b105fab5ef5632b0c74090c98e330b8ea633f2

  • SHA512

    428e05cde055f0aca94545ae431eda9bc3a10f098f1b66aa16d2448f31a7f257bc43192a82ca9565b37c9441147b1efa47a59177e7792e91b7778961741ab8bb

  • SSDEEP

    1572864:R+B9ONqY9Qhi1An/EfsU+m8NaBaX7a0rhbF:RIOkTi1AnABg79v

Malware Config

Extracted

Family

vidar

Version

11.7

Botnet

4b05932e298d86a233eec0514ef2c4f6

C2

https://t.me/m07mbk

https://steamcommunity.com/profiles/76561199801589826

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Targets

    • Target

      Unlock_Tool.zip

    • Size

      49.4MB

    • MD5

      c97087524507b9008457ab7897888594

    • SHA1

      24c40594b212e722c2a5c002468dc431b02e1d32

    • SHA256

      726bea2f32c83d55448328b564b105fab5ef5632b0c74090c98e330b8ea633f2

    • SHA512

      428e05cde055f0aca94545ae431eda9bc3a10f098f1b66aa16d2448f31a7f257bc43192a82ca9565b37c9441147b1efa47a59177e7792e91b7778961741ab8bb

    • SSDEEP

      1572864:R+B9ONqY9Qhi1An/EfsU+m8NaBaX7a0rhbF:RIOkTi1AnABg79v

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar family

    • Downloads MZ/PE file

    • Uses browser remote debugging

      Can be used to control the browser and steal sensitive information such as credentials and session cookies.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks