Extracted

• • Target

    Unlock_Tool_v2.6.6.exe

  • Size

    1.2MB

  • MD5

    1da3ab025aec24902139d9a3f1cd4e6a

  • SHA1

    45683e50a3d034e5fe9da7163ae535387c7a6801

  • SHA256

    cde0869ebe3e11c729f79c65159832f08045c1c17f838816347a192b5de62ffa

  • SHA512

    065005c29c2bb4f267bf89f2c190eaf9428096f8617f437fd760b25c52d3729e17b66a826fe45fb1414be529d445aa985b4316fed377052419a42327aaa8d63c

  • SSDEEP

    24576:Y6YnZ/THIr8oY9uX/B55IctTsHHDs+kig6+3flO:Y6+ZbHIr8huX/ddso+kPV3fw

  Score

  10^/10

  stealcvidar68fa61169d8a1f0521b8a06aa1f33efbcredential_accessdiscoveryspywarestealer

  • Detect Vidar Stealer

    stealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Vidar family

    vidar

  • Downloads MZ/PE file

  • Uses browser remote debugging

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2