General

  • Target: Unlock_Tool_v2.6.6.exe
  • Size: 1.2MB
  • Sample: 241118-mtxk5svkcx
  • MD5: 1da3ab025aec24902139d9a3f1cd4e6a
  • SHA1: 45683e50a3d034e5fe9da7163ae535387c7a6801
  • SHA256: cde0869ebe3e11c729f79c65159832f08045c1c17f838816347a192b5de62ffa
  • SHA512: 065005c29c2bb4f267bf89f2c190eaf9428096f8617f437fd760b25c52d3729e17b66a826fe45fb1414be529d445aa985b4316fed377052419a42327aaa8d63c
  • SSDEEP: 24576:Y6YnZ/THIr8oY9uX/B55IctTsHHDs+kig6+3flO:Y6+ZbHIr8huX/ddso+kPV3fw

Malware Config

Extracted

Family: vidar

Version: 11.8

Botnet: 68fa61169d8a1f0521b8a06aa1f33efb

C2:
  • https://t.me/fu4chmo
  • https://steamcommunity.com/profiles/76561199802540894

Attributes
  • user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Targets

    • Target: Unlock_Tool_v2.6.6.exe
    • Size: 1.2MB
    • MD5: 1da3ab025aec24902139d9a3f1cd4e6a
    • SHA1: 45683e50a3d034e5fe9da7163ae535387c7a6801
    • SHA256: cde0869ebe3e11c729f79c65159832f08045c1c17f838816347a192b5de62ffa
    • SHA512: 065005c29c2bb4f267bf89f2c190eaf9428096f8617f437fd760b25c52d3729e17b66a826fe45fb1414be529d445aa985b4316fed377052419a42327aaa8d63c
    • SSDEEP: 24576:Y6YnZ/THIr8oY9uX/B55IctTsHHDs+kig6+3flO:Y6+ZbHIr8huX/ddso+kPV3fw

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on the Arkei stealer.

    • Vidar family

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks