Extracted

• • Target

    Unlock_Tool_v2.6.9.exe

  • Size

    540KB

  • MD5

    f0a007bc4e9604d57049e1a8e55f2ca5

  • SHA1

    99e62e5f6697ebf4ac5c11a365a45fc6697d05f1

  • SHA256

    6fd25d8a1673636d82587068db0936e08aee41b2c0885e134b89e22ef2f3c9bf

  • SHA512

    78a1d9f26c402317ee385db414504e7e65294f0aeb779f565bd052ef0283e944cd18657f23fbd6ada9698d8950a7e42756a88187c3318b29b29dce2e2dbecf5c

  • SSDEEP

    12288:1RgyqSwAN2kLkjnP13tGyvoV05cYGcMV/kW44Md+slr7v:Dg2N2kLkTd3Ao75Gc+/kW8d+Yr7v

  Score

  10^/10

  discoverystealcvidar68fa61169d8a1f0521b8a06aa1f33efbcredential_accessspywarestealer

  • Detect Vidar Stealer

    stealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Vidar family

    vidar

  • Downloads MZ/PE file

  • Uses browser remote debugging

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2