General
Target: Unlock_Tool.zip
Size: 49.5MB
Sample: 241119-ybvvda1hpp
MD5: e8337f9891f2d8d17adfe3d612a9591d
SHA1: 6c4752f2a8ab432cdea8c62050996c92b775debc
SHA256: 60fb07e0ee62f326fd549235eb4d672133af86efccf0a72465c60e18165d3d74
SHA512: 02146be10a81cc7f51932b877e28447911107550d0969a4fc27ee056beaa6f4883a3d4746aa6337538f55986fa039f3d5d227a6eb8b303e353de30c225c1170f
SSDEEP: 786432:n7stHfy75Fu6upTSWMvz8CB9HSs0o6qx7G00chS1IwCMMXkzf1pinf1f63:nx5Fu6vWISAnMcI1IwCrU7w63
Static task: static1
Behavioral task: behavioral1
  Sample: Unlock_Tool_v2.6.7.rar
  Resource: win7-20241023-en
Behavioral task: behavioral2
  Sample: Unlock_Tool_v2.6.7.rar
  Resource: win10v2004-20241007-en
Malware Config
Extracted family: vidar
Version: 11.8
Botnet: 68fa61169d8a1f0521b8a06aa1f33efb
C2 (dead-drop resolvers; Vidar reads its real C2 address from the profile text of these public pages rather than embedding it):
  https://t.me/fu4chmo
  https://steamcommunity.com/profiles/76561199802540894
user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Note: the hard-coded user agent is a macOS Safari string (with a DuckDuckGo browser token) sent from a Windows 7/10 host, so the string itself is a usable network indicator.
Targets
Target: Unlock_Tool_v2.6.7.rar
Size: 49.5MB
MD5: 4b451061edc32d1712e113e60e606c35
SHA1: ea13c95654f1a9f0c06a6b128cf983d188535c35
SHA256: b93eed36cc9c66d3052950b1db08549a567a94a176dd44ec7f63bc5a98d92ca1
SHA512: 4cc79b6ae84ed2c8b938702e10af49a3bf2f5bc2ca0349faa8f2b015b19f4e52305d6a64e3e206071db369870a32045b640ea324966b54659d8f7d6654ebb8f2
SSDEEP: 786432:17stHfy75Fu6upTSWMvz8CB9HSs0o6qx7G00chS1IwCMMXkzf1pinf1f6Z:1x5Fu6vWISAnMcI1IwCrU7w6Z
- Detect Vidar Stealer
- Stealc family
- Vidar family (Stealc is derived from Vidar, so both family rules match the same sample)
- Downloads MZ/PE file
- Uses browser remote debugging: can be used to control the browser and steal sensitive information such as credentials and session cookies.
- Executes dropped EXE
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files: steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext (a common process-injection primitive)
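The following detection logic is an added example and is not part of the sandbox report. It turns two of the signatures above into checks that run over constructed, Sysmon-like telemetry: a Chromium browser launched with a remote-debugging switch, and HTTP requests that hit the extracted config's dead-drop URLs or carry its hard-coded user agent. The event field names (EventType, Image, ParentImage, CommandLine, Url, UserAgent) and the dropped-file name Unlock_Tool.exe are assumptions; the report does not name the dropped executable.

```python
"""Detection logic for two behaviours in this report, run over constructed sample
telemetry: a browser launched with a remote-debugging flag, and traffic matching
the extracted Vidar config (dead-drop URLs and the hard-coded user agent).
Added example; the Sysmon-like event schema is an assumption."""
import ntpath
import re

# Indicators copied from the extracted config above.
VIDAR_USER_AGENT = (
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 "
    "(KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6"
)
DEAD_DROP_URLS = {
    "https://t.me/fu4chmo",
    "https://steamcommunity.com/profiles/76561199802540894",
}

# Chromium-based browsers that honour the DevTools remote-debugging switches.
CHROMIUM_BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "vivaldi.exe"}
REMOTE_DEBUG_FLAG = re.compile(r"--remote-debugging-(?:port|pipe)\b", re.IGNORECASE)
HEADLESS_FLAG = re.compile(r"--headless\b", re.IGNORECASE)


def _basename(path: str) -> str:
    return ntpath.basename(path).lower()


def check_process_event(ev: dict) -> list[str]:
    """Flag a Chromium browser started with --remote-debugging-port/-pipe.
    A stealer drives the victim's own profile over DevTools and reads cookies and
    saved logins through the browser instead of decrypting the profile database."""
    findings = []
    image = _basename(ev.get("Image", ""))
    parent = _basename(ev.get("ParentImage", ""))
    cmd = ev.get("CommandLine", "")
    if image in CHROMIUM_BROWSERS and REMOTE_DEBUG_FLAG.search(cmd):
        # A browser respawning itself is common; a non-browser parent or --headless is not.
        severity = "high" if parent not in CHROMIUM_BROWSERS or HEADLESS_FLAG.search(cmd) else "medium"
        findings.append(f"[{severity}] {image} started with remote debugging by {parent or '?'}: {cmd}")
    return findings


def check_network_event(ev: dict) -> list[str]:
    """Flag requests to the config's dead-drop resolvers and the config's user agent.
    The sample ran on Windows, so any macOS/Safari user agent is itself anomalous."""
    findings = []
    image = _basename(ev.get("Image", ""))
    url = ev.get("Url", "")
    ua = ev.get("UserAgent", "")
    if url in DEAD_DROP_URLS:
        findings.append(f"[high] {image} fetched Vidar dead-drop resolver {url}")
    if ua == VIDAR_USER_AGENT:
        findings.append(f"[high] {image} sent the hard-coded Vidar user agent")
    elif "Macintosh" in ua:
        findings.append(f"[medium] {image} sent a macOS user agent from a Windows host: {ua}")
    return findings


def scan(events: list[dict]) -> list[str]:
    findings = []
    for ev in events:
        if ev.get("EventType") == "ProcessCreate":
            findings.extend(check_process_event(ev))
        elif ev.get("EventType") == "HttpRequest":
            findings.extend(check_network_event(ev))
    return findings


# Constructed sample telemetry, not from the report's sandbox run. The dropped-EXE
# name Unlock_Tool.exe is hypothetical; the report does not name the dropped file.
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
DROPPED = r"C:\Users\user\AppData\Local\Temp\Unlock_Tool.exe"
SAMPLE_EVENTS = [
    {"EventType": "ProcessCreate", "Image": CHROME, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": f'"{CHROME}" --profile-directory=Default'},
    {"EventType": "ProcessCreate", "Image": CHROME, "ParentImage": DROPPED,
     "CommandLine": f'"{CHROME}" --headless --remote-debugging-port=9222 '
                    r'--user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data"'},
    {"EventType": "HttpRequest", "Image": DROPPED, "UserAgent": VIDAR_USER_AGENT,
     "Url": "https://steamcommunity.com/profiles/76561199802540894"},
    {"EventType": "HttpRequest", "Image": DROPPED, "UserAgent": VIDAR_USER_AGENT,
     "Url": "https://t.me/fu4chmo"},
    {"EventType": "HttpRequest", "Image": CHROME, "Url": "https://update.googleapis.com/service/update2",
     "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/130.0 Safari/537.36"},
]

if __name__ == "__main__":
    for line in scan(SAMPLE_EVENTS):
        print(line)
```

Running the block prints five findings: one high-severity browser launch (a non-browser parent starting chrome.exe headless with a debugging port on the real user profile) and two findings for each of the two dead-drop fetches (URL match plus user-agent match). The benign Chrome update request produces nothing. The exact user-agent comparison is deliberately strict; the macOS fallback catches variants the operator rotates while keeping the Windows-host mismatch.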
MITRE ATT&CK Enterprise v15 (technique, count of matching signatures)
Defense Evasion
  Modify Authentication Process (T1556): 1
  Modify Registry (T1112): 1
  Subvert Trust Controls (T1553): 1
    Install Root Certificate (T1553.004): 1
Credential Access
  Credentials from Password Stores (T1555): 1
    Credentials from Web Browsers (T1555.003): 1
  Modify Authentication Process (T1556): 1
  Steal Web Session Cookie (T1539): 1
  Unsecured Credentials (T1552): 4
    Credentials In Files (T1552.001): 4