vidar

Sharing

Copy URL

Twitter E-mail

General

Target

Unlock_App_v1.4.zip
Size

48.5MB
Sample

241221-zy62lazlbs
MD5

70476979f8f00c7a79f3d18d81fc56a8
SHA1

2b6e67c9b043398e396f6cb44a6d40ad30d5f8a8
SHA256

937c46006e622509af09340233e000490f1294a6122f6d222abd8239c15f3a0c
SHA512

1072d9b40dc8dce4833b1fee6edfa0d90ce33e74839823c57dd24e89eac4bf674f15ee6c4d1b5e269b6fe32629a3d8a74cdec5e732460b46049dde7eee49d901
SSDEEP

1572864:w6zWU7tc096RPQZIEnlzMy5SbGW/Wzhc2Q:RWWB96Re9SacYhw

Score

10^/10

Malware Config

Targets

- Target
  
  Unlock_App_v1.4.exe
- Size
  
  323KB
- MD5
  
  34f45d20fef7dd9c8e8d7f5b9d5fa6a7
- SHA1
  
  4270a1cf22a0183d772bf143bec8a81b8b4ac51e
- SHA256
  
  42226b9f119843f7ff26e7d50895564d59fe8bf8db1830047c86298d8bc22d74
- SHA512
  
  11a4e65e08a6f948336971e612f859429c4c58c6443ba85fc3b7a5165040bde57555c596a8c0322cd71b8e1fa3758dd7f6a247de5197b32212d9a90c37fe2410
- SSDEEP
  
  6144:bspY93m4ezZF197TvhhFUJi7AuRQ1zkIFZQRhtinsoCiiEI+:bWym4ezxLhKAkuRQtkIjQRGns2iEz
Score

10^/10

vidar credential_access discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1
- Target
  
  langs/H_Hayat_x64.dll
- Size
  
  111KB
- MD5
  
  1f39f078d03461a104336c68c8927505
- SHA1
  
  d54117a64c1d69399c2b978804971b2819ffeb8e
- SHA256
  
  5ed02b75802ee6bba47dd1c0064732329f98c0a3dce76ae4317bf398d5122f44
- SHA512
  
  f94797dbebbaa73310253ae3e573c6aa06717a9f832281363f6ac5dce47c2a6311eeb83bcf98db85f0c7205f6039196f575f61a9d6a3ed7ddba48bc2f5f1b725
- SSDEEP
  
  3072:Z0MRxLQXSljMSGVUjSFgWvNdta5PCpBXgiMtISY1ViH4X:BkSlITUjSFg/Pgp1XX
Score

7^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral2
- Target
  
  langs/Qt5GuiVBox.dll
- Size
  
  6.5MB
- MD5
  
  fdb292453760d9bc3cdd0b54013c6a99
- SHA1
  
  30d27da6ec867ed2b8a53384ac947b812d9d7cbd
- SHA256
  
  86f6a04fe611ca402d3c4841561f5b396ce61f0212bb6da58c7274532e2cfd14
- SHA512
  
  eca792cc814c0d072ecb866da4a5ac41629758c91faac4cf3f5947191899919c72a1462ce97bc49382afef44780302f7ac3fb2052cfe0cdc8d2a3f390a870c66
- SSDEEP
  
  49152:onEioloxnujFw81clK7uqtfMxzWHIbi/CCwjxpE4RFzwToN2BM7PV1HbSTiBAym2:OEiEZEqeHX/RFKociJYtl8vsOM04bm
Score

1^/10
behavioral3
- Target
  
  langs/Security-Common.dll
- Size
  
  1.2MB
- MD5
  
  c5c4d6351af07abbaece1a4aa03c21fc
- SHA1
  
  0c08ff968aa41a5cc5ac5c70bc98448d8a7d9b2e
- SHA256
  
  3054976f132dda71b964b9303757078bfb75e94f19a2d2100180b86a8263384c
- SHA512
  
  6283ddb41619cca6ce6389896b045307feb3051c9e0065fc0f68c02e9e88007e4b8e967afbb873cbc02682eca76988aeba5defc9cd696ea58daa3984b1ba0238
- SSDEEP
  
  12288:c2SL/WMO8k65sFAkOLCjpN/BYP2jJHs9T/+WWUOOnDPgXz3On6LXfu0ztGtdBBEE:ch7dk65IDBFO9T/dnDPV51X
Score

1^/10
behavioral4
- Target
  
  langs/VBoxClient-x86.dll
- Size
  
  669KB
- MD5
  
  8499bcb782e639b57abb8b503d410eb8
- SHA1
  
  a4e3363a30c02fe999eedfed50a8dd200f4c46c9
- SHA256
  
  84b47308abc293515fa8b682d7ede3a53fed426a7073cfec466bcde681da715f
- SHA512
  
  344132b5148ce38174230efb51b0aaa85709bbe2f34c09ff47e9390324ee1139423717cc461e7f276db80fcb86a0509ca92cd84a18b7657d3da65c8fe427fc39
- SSDEEP
  
  12288:BfWBgRdNVSnkjiLSRHhWsfl4GhW0TAZoq:BfWBgRdNUnkHWsfl4Gg0ED
Score

3^/10

discovery
behavioral5
- Target
  
  langs/VBoxProxyStub-x86.dll
- Size
  
  666KB
- MD5
  
  6d3c7d2e108cbb7b5389f51ff68bcb9a
- SHA1
  
  e47006dbd81b0ad005dfe95339bb54ac59b20f47
- SHA256
  
  53ed3512437fbeb4277c24790ce67db048f81b60c3669765541495ef88056b88
- SHA512
  
  0b69c294c32beff25e91ccfc5fd3b26ff76e8a92b81b3f69fc0065ae6c8d8a676039303cc5195bff1d71735a1af97f920ed1a9911bcbcd27a7532f7539605fdf
- SSDEEP
  
  6144:HzhEDInt1CqI2HVP5CkxQ+1QYCQkdJvdkjiLSRen4QI2QjWsfl4GZrWJ6TPRcoLZ:H1EPCSnkjiLSRHhWsfl4GhW0T+eZ
Score

3^/10

discovery
behavioral6
- Target
  
  langs/winmm.dll
- Size
  
  4.0MB
- MD5
  
  11f756e2fa97d0fb46c2875b11dfde52
- SHA1
  
  e0301b76305ae22fbcb043a85871d2f7604c35ac
- SHA256
  
  3c0bd30009f4c97bb96742dbb873efc062a111bf6f4a39b808471310628bb42d
- SHA512
  
  b9a1c54225871089ae13a87da0e5e3e6f58be054dc2a9018a070e9b950e69abe97dca512d1258c94827b2e192bb6f5dbb1684219247604cd9fa94bf167bc2ca3
- SSDEEP
  
  98304:NJ06y8mfFEHhjaZ1m4OiPUDx9oEZmEu/5mGFY/3FP8:zKtIhjq1m4HPUDrEX/Q1/3+
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral7
- Target
  
  lesseeVariant/modules.dll
- Size
  
  907KB
- MD5
  
  dc05f0b8f1a32e872721d3486e6332b8
- SHA1
  
  dbf055b0f934640fadcfaa93971fead8df7a3869
- SHA256
  
  37ec5f998a5c376d4fcd4342b43a4163d1f043e0f7711e46677cd30013882723
- SHA512
  
  0f89d713237ef11a1ef8d824ad9767bb13fb4f5f334acdd65af0ba6e54cec4a910398636683254b3fe4d46a069a1781187313684ff827a907b8b968134f6efa0
- SSDEEP
  
  24576:z0OY4ZFajHYDTR2yfVbf+c6Z5WODYsHh6g3P0zAk75:z0CZFaj4HR2yfVbd6Z5WODYsHh6g3P03
Score

1^/10
behavioral8
- Target
  
  locales/resources/Data/Managed/Unity.Postprocessing.Runtime.dll
- Size
  
  141KB
- MD5
  
  a75ea867f8f13ad7e081f64c2407c66b
- SHA1
  
  1a46a9ba7a024d91774a56190157683599443747
- SHA256
  
  8bb91dcd3aff282bd37804adcaab5a6a0337695570909eb83d88e5900007be87
- SHA512
  
  43a4de663a1f54826348ba24a6dd1beec996a59d194ee10d17c8fb0ff55430fa727a05b1c5377603c13e45b738bbef76435dc1859b0a5709fa9bae979a24c236
- SSDEEP
  
  3072:mGxexnpaRblPXA5oOoSpM+k/slzP5kH/cJAr:m7wPYF/p0KqcJ
Score

1^/10
behavioral9
- Target
  
  locales/resources/Data/Managed/Unity.RenderPipelines.Core.Runtime.dll
- Size
  
  180KB
- MD5
  
  ada7730ee67447a643a760b5324283b6
- SHA1
  
  5f246cd1a5859d1c21da052e4a8cdba545ef0ab0
- SHA256
  
  b42119b70c05796d19617774336d8fd7cf988aa3d0fda6946edc68368bdd6a6f
- SHA512
  
  5d33a1ed872396b284c1253e8b9098a96f81e316c82170b3589fbd9b1c29f59dd107d6700d963df0056b390887bcbc4d0cc983209df81e7096be89e7680b4a18
- SSDEEP
  
  3072:/WsIlcGLwg9B8NiTR3QYCFGNEnbU06oM2GPtZvKxZfzXBLFJoS:XQwgIkN3RbXoM2GPtSzXBLFJo
Score

1^/10
behavioral10
- Target
  
  locales/resources/Data/Managed/Unity.RenderPipelines.Lightweight.Runtime.dll
- Size
  
  59KB
- MD5
  
  b4bf1c91fc65a1fd3723ffb34ebf8d10
- SHA1
  
  795c1092026f121e4738f946a601834656503c76
- SHA256
  
  f8ed3296a5b654fe27d27c0d613555acaafcb707cecc7d391f02c114cbf852c8
- SHA512
  
  e8cf1c805f58907ee27f128029dffd153ccaff6f532d0204741216e026b614558a4395d9543172872fbdb49c9052adf99ae9aad1aaf1a16bae5bfa5b5751fb41
- SSDEEP
  
  1536:E7GBI73Zw+OrbMe23xtet71WRhZBvwcfxz4oJE:Bc3Zwd/MjLZBxcCE
Score

1^/10
behavioral11
- Target
  
  locales/resources/Data/Managed/Unity.TextMeshPro.dll
- Size
  
  308KB
- MD5
  
  54b9fd4d5e1abcefbc692b4384761b82
- SHA1
  
  a8f2235ba53960ed071bc7ec91fd818d2957eef2
- SHA256
  
  08e99be19807deabf798bb8e97a9ceab23472e01e43aa8a505a8656bc21a4f4b
- SHA512
  
  3a40a42da77f35b0bc064518d21d28b3033676dcfb9fd369333722894f4d84668b3f6eaf7738d89ac0cb7f5354e817e0b9af0c55de3056e516ef18250879b216
- SSDEEP
  
  6144:Up+2Fn9DbBieSSd+39YPKlTfw9SIbPNJrZKCGeeZoF0:U82FnxBi/S832PKlTvIbPNFV
Score

1^/10
behavioral12
- Target
  
  locales/resources/Data/Managed/UnityEngine.AIModule.dll
- Size
  
  38KB
- MD5
  
  9e8d7a9b34a223e383e79ac89d6ba2be
- SHA1
  
  f43b425d6eb9a395f021bb3b463f062fa7aa4f21
- SHA256
  
  0fdc7eacd631c4ded5b75e92c9b98b56cd13f063f2ea2b7ce7dad4a437f63597
- SHA512
  
  d8c2947512c69495bf3e61bab2ca2ba65a300895ffcb3fbe5ba593861d92b8c14f600f73ff1fe4776961a96faa273c471159000a9228ce378b49b7f2453d9422
- SSDEEP
  
  768:OYouZ7+t8Dz26iicuE/roMMLmMkBdaZBxVIqu2WhsieochdV2:OWFm8Dz26iiR6/e5W4hhr2
Score

1^/10
behavioral13
- Target
  
  locales/resources/Data/Managed/UnityEngine.ARModule.dll
- Size
  
  21KB
- MD5
  
  2695ae3d4a27b71c9d8a19b97c47e79f
- SHA1
  
  d7bf4cbe69839efbfea32995ec1616fedc295db5
- SHA256
  
  3598c5eb22d7afe3c738df4d019f835e67bc6724351bd69fdf106ad55feec126
- SHA512
  
  60e0145de99462f79fb77f707d57e56a99f25b9da68a9162af901be7d19b8ad7b1de84d7c44a6a4f4d77e3b720fe56f3f1a0e10a284f02a812eb6d12bfa9ff4b
- SSDEEP
  
  384:5Ny1fGJeg0A9CNRiA2As2rZMo8fiujw/vVP7NuLk+J0lcK9cjQ:5xJL4p2AsMMoNujIJ7cLkwi59n
Score

1^/10
behavioral14
- Target
  
  locales/resources/Data/Managed/UnityEngine.ClothModule.dll
- Size
  
  11KB
- MD5
  
  cf5fe12221b147e8d365887879e10719
- SHA1
  
  9b33e2e288509c43f462280c6eef5008179d7296
- SHA256
  
  bf4a02a48f25e67adaba9f73d8ac9746e1a0ecf3e5ef05afcf355de25e846ea7
- SHA512
  
  d1d03c551debccc3c00b3db8a9ae56517d364fb8207e43c7f23c9a28bbd6b52766113affd7366d37084f7066b76c8e0842abdb8aa75d48410ccd0b79f6796ce1
- SSDEEP
  
  192:06AtDEv401l3yYXI3G4y3ssQOJz4EzmSPedJFRft9K8xnvWUcj+Z:065v4011yqI24y3ssQ24EDedJFR3K8xR
Score

1^/10
behavioral15
- Target
  
  locales/resources/Data/Managed/UnityEngine.CloudWebServicesModule.dll
- Size
  
  5KB
- MD5
  
  9fca86f7191b02389ad172f40cfc262d
- SHA1
  
  e68df1c3d26351c952b4172ac899e145e963a58c
- SHA256
  
  5ea741dea103ce91687eb93dd6a72b748bd6f01c00813fbdbb1708b038fd9865
- SHA512
  
  7d91ecd5755fb113f91d7897bd32596698b67714fda8a60594c4455b8b0cfabd619a1d77f783870577f62cf331af648bd8fdfd4d5a55b1683d2f4f5625c987a2
- SSDEEP
  
  48:6XFFeTYUJinK7ar04F54TByEV33aLcjinqnEwE+OPulLi0XINxI:ueUUJluiaLcjAKE2xi0XIN
Score

1^/10
behavioral16
- Target
  
  locales/resources/Data/Managed/UnityEngine.ClusterInputModule.dll
- Size
  
  7KB
- MD5
  
  73efb0ed5482d484b7ba1e5585b2b072
- SHA1
  
  0b0ad2d8350f0e44aa8665db8c8dd266361925ad
- SHA256
  
  451357d130ee40a8f033aa0f16d33e3469f3482b01636ec39c1c3f770ce628a3
- SHA512
  
  21a6a8621f40c667ada0b47fa5d7ec379a1ff152fa892871bc624199e42b304a021baa59ef63239602167e78f2b77ed7f1ade30547e372193cc7e64ec85e699c
- SSDEEP
  
  96:WbXJMBj8Ew/FjUqEcNGn5khaaLcjpWQVdV0TIdC:cZMBR2FjUqEYGn5mTcjVeqC
Score

1^/10
behavioral17
- Target
  
  locales/resources/Data/Managed/UnityEngine.ClusterRendererModule.dll
- Size
  
  6KB
- MD5
  
  cf2005559fca655f9bac73a6cc8b251a
- SHA1
  
  4862a361cdae568739e5a1ed828f3eff5ddbc8e9
- SHA256
  
  526b7cca3f818882eb41dbfa8cef85c5e358cce355db4167533a3161a3f5e6d3
- SHA512
  
  fcfc0b290d902ab88a7835cbd647d5e025556b15e64af3479c1791f0d6410c62178e032fa41bca07bda2e6d09cb594d079f4b3b2660fc8e9aa3641c66e6e21ab
- SSDEEP
  
  48:6CiN7XHniSSgIRFIaSyr+qgDfn9p7V2DPTByEV33aLcjOnqnpaOPuledk0gIdHZI:2N73iiNa3MMJaLcj0r0dk0gIdH
Score

1^/10
behavioral18
- Target
  
  locales/resources/Data/Managed/UnityEngine.CoreModule.dll
- Size
  
  758KB
- MD5
  
  d6a477138859dd69f6f81e8d44e51e8c
- SHA1
  
  f2317d05bb57552a852870fe22af1609b46c7716
- SHA256
  
  8cffd80981c3e5b65ae82cda845281f94c7110ba38621d3aeaee5939694ff7db
- SHA512
  
  20118c20320aabc88e40b465b86fce7733784726fd722026868c8e75b544799923d2a86f4eb4cd7cbddc3f5d86ca53f14c4ef9abd0f5c24da823111792a9cdea
- SSDEEP
  
  12288:Q2lo8VXVKSuGOjMCMRRvBXK4gfL+CBzNzRtY:vo8VX1qM7R5B6tz+CBzTtY
Score

1^/10
behavioral19
- Target
  
  locales/resources/Data/Managed/UnityEngine.CrashReportingModule.dll
- Size
  
  6KB
- MD5
  
  0cef4bd77a1f927a2d3dae5d3aa5f862
- SHA1
  
  631c433044afe9975e6f0785b96c6f78756b6cfa
- SHA256
  
  c34a751a65ccb9063b573dfd531e83c72456e8a536615a1a519acbf3950a7ed0
- SHA512
  
  3efc6e670110fa1db91335803945072a206d041b72d40dcd4a5e4f1e7d367a5e32ef8dff379b143e164b6d6947915de1d081129f9c15459b925058e322bf0a13
- SSDEEP
  
  48:6yJ/6CsA6ngat12nwzomr+qgDfNGBjYTByEV33aLcjOnqnXaOPulBzoZ05IomxI:9/BsA6nzP2wzbtBeaLcj0Drz005I/
Score

1^/10
behavioral20
- Target
  
  locales/resources/Data/Managed/UnityEngine.DirectorModule.dll
- Size
  
  10KB
- MD5
  
  3f71b60d4e2cfefcd151467f09885339
- SHA1
  
  4d8c5fd196ed3e7f875fe1f574efb1ad4dd613da
- SHA256
  
  70162884548852e78327d45d14d8dbc7e142b9ac03d75b7c60074508163a1737
- SHA512
  
  fb2494c3af6703f296e39e76e44e3120d19914df3f9716753dee0d4147a8960144197813e1abe9595a269aa675278e7b9abb7dd3723097481326649f76d92cb9
- SSDEEP
  
  96:jRU4Vpx7Ag6Qq9HDJsbWNRM50EZVngT0h391bKDzMBi83jEaLcjptVF0fl:jRpGxHDFMuENVKzMg8JcjQl
Score

1^/10
behavioral21
- Target
  
  locales/resources/Data/Managed/UnityEngine.FacebookModule.dll
- Size
  
  5KB
- MD5
  
  943f225c2983cb6b1b2b80a12a83c733
- SHA1
  
  463d951e0cc0024b1f16c747d438138dc30f6f62
- SHA256
  
  7bec392d4a460d6115fa86a003c3fad305aa887701221711b9015a7e3f9b6bc7
- SHA512
  
  7889d0a2189c87df1742e061047c3ebee5892ae0ea98c89b629e9a6cbebcddd121d5f93deaa2c630332f7ae169e69cbbd7e15e1eb42c8e59eb23cc64720d8a2b
- SSDEEP
  
  48:61F46BTYUJinKa2r0TJ51TByEV33aLcjinqnhQFOPuliEP30f3EPExI:O4/UJla2mvaLcjADVE630f36E
Score

1^/10
behavioral22
- Target
  
  locales/resources/Data/Managed/UnityEngine.FileSystemHttpModule.dll
- Size
  
  5KB
- MD5
  
  55b27b6943fdc483b7a7957a714235ad
- SHA1
  
  9e38ec2c9d1983872864fdd0b02dabf96b2b8bb8
- SHA256
  
  e706022513ca282d1b56b2647dd56f37c4883310076bef3ed2a30b372c19d51c
- SHA512
  
  0ef7185fa87597e40834bb31a91f64773ec88bf0b4ae93eb121e27606d4b29e094b0a66a0cc8c8f2fc3b6b484e5478f866b86b396ef09be868b12d2470ef6cf7
- SSDEEP
  
  48:6tFDNYUJinK2r0C5uATByEV33aLcjinqnQaOPulBCn0530xI:mDeUJl2/aLcjAMrCn0530
Score

1^/10
behavioral23
- Target
  
  locales/resources/Data/Managed/UnityEngine.GameCenterModule.dll
- Size
  
  23KB
- MD5
  
  29769d5d909a8abadab57d64d806340b
- SHA1
  
  cf9445b2a7f02cfb2772cf90b8f257667f51a178
- SHA256
  
  ef3f0ff029c0c985eac4cb780cbc6453cbbd7492ea626a6dda2f4faf3d9bc5c8
- SHA512
  
  71a39ad4b7ab5837063af9e3412fda6d1b8607addca9bc293d38834a0c4622cf27102159c4a516b4a70a7abba152c35b2d3376aeee8d169c0c469394900da2d7
- SSDEEP
  
  384:QiqYJoa4/HvWa1NfDTJOPR7rT27tztT5KhbEswSjkD+9n9/Rcje:QyJoBvWa3fZO57rT+tz95KBEswExh9pT
Score

1^/10
behavioral24
- Target
  
  locales/resources/Data/Managed/UnityEngine.GridModule.dll
- Size
  
  10KB
- MD5
  
  c1ee366ed3cc99a4d60b9bcd952a0f11
- SHA1
  
  f0ce0ddc74dd08940f75f819c9d55c11cbacdbab
- SHA256
  
  cb92fef963e7d42d3371c17d885c0834e692599af74311f55c30cf9600389340
- SHA512
  
  c977fbe217a2a12f98b3fe8a4d70f9ccbdb4bac78ee6b883a2232af445bfda7bee86135ca5026ce4f50ec6ba60d6c4fce578ef100c083a16a74f740bb97f0342
- SSDEEP
  
  96:F1nDNR600IAPuolYRfCZbafzeIqVdz00z1w76xqaLcjZ7R0Lt:deuv6kfBqVd4e1wG1cjgt
Score

1^/10
behavioral25
- Target
  
  locales/resources/Data/Managed/UnityEngine.HotReloadModule.dll
- Size
  
  5KB
- MD5
  
  5dc6449adb1a73b635d46411a49c04ab
- SHA1
  
  7c88cd43a5370aa99539af78e21cdc39d63ae25d
- SHA256
  
  2c03bb308b132326904da69f37240bc4a3c1ac2abf9c484a30c0d51f7350d3c3
- SHA512
  
  ef00ddd6d8908963ec6f1276c5a62a3a141d94c79f816a5f619c3b03b1edcee62b5ffdade9d313587614bf4a359d3d7ae9089186709678f667605b87c7b0c5a3
- SSDEEP
  
  48:61Fwh6YUJinKAr0V5uaTByEV33aLcjinqnhQFOPulyJ0OW2ZI:OAtUJlASaLcjADVW0On
Score

1^/10
behavioral26
- Target
  
  locales/resources/Data/Managed/UnityEngine.IMGUIModule.dll
- Size
  
  145KB
- MD5
  
  d297ce94e0756db5a385df6a8bd4bbd7
- SHA1
  
  7c8b708a37109c0ddf78772f6df917427a8520e8
- SHA256
  
  3b8e0a9655baf1edba10d68464d03280f9b00d88bdab0e5cfb1e7b409652c400
- SHA512
  
  8d8d881957e4615832095053039b64185f5fe5d7ea31093a7f27a936cbaced46ef9eaeca539cf81424f2c62d31d0eb3a4ee54c1287f1fa84c2102e09f271f3c2
- SSDEEP
  
  3072:X65+qQnLDi6kShqSqzbsFRSJcsPOJIo+zsCB:q5kfilsF3sPSIR
Score

1^/10
behavioral27
- Target
  
  locales/resources/Data/Managed/UnityEngine.ImageConversionModule.dll
- Size
  
  6KB
- MD5
  
  c36d07436d7b0ed22e7a995f1177ad5e
- SHA1
  
  4babcf74ea7d2daf6b35356e34156611210730f0
- SHA256
  
  4e64c4fa4d2c23bb8e9437495a1c37ce0fbc291407bcee9a39724caacec74423
- SHA512
  
  37b301778835e65d89cd0b85ae1210868e34f3d09ce066453034e933d6fb5234b11ea22ba2bc8f00a05c8d554dd084a0770d0e9260cd35d95a3d22eaeeae01fa
- SSDEEP
  
  48:6AuG4GI6/78MIqD8wHnTD5scAZHaCqgu4YLqL31aNuavTByEV33aLcjRnqnEaOPI:/tAqD9/mHFYq1K5paLcjpYP0go
Score

1^/10
behavioral28
- Target
  
  locales/resources/Data/Managed/UnityEngine.InputModule.dll
- Size
  
  8KB
- MD5
  
  6c8b89ff4d920e54aeaa6544ed7f8c5b
- SHA1
  
  469a135ec7da880e788307584da59352821fc514
- SHA256
  
  a868f4c4f8d3db369a696a03c6ed8f92a6a6b0863be7460d8c2ccb761ec321f7
- SHA512
  
  9ce7ed0022feb8081045ea3b4eef1a78d4acc4712bfd94c44bebafe0f8f1c698cf30e8476fde0b6e8eddd67e120e97698d2b8e4562c38e76495ece625561f6bf
- SSDEEP
  
  96:WNm4aokEk/yHlSEGJpk2NgcrLtdV8o3wVdgoUL32lUaLcjlOW0KT:Od4YEk2OcNdV8oAVLLcjPT
Score

1^/10
behavioral29
- Target
  
  locales/resources/Data/Managed/UnityEngine.JSONSerializeModule.dll
- Size
  
  7KB
- MD5
  
  5e9f02d4ee511d4fbb2c458f76074cbf
- SHA1
  
  09f8c6dcc0e68789632cc7f57afbfbf3407a911a
- SHA256
  
  5d9ec04e187090b3034d4c2988708eb202eb7d08b3a8f473cc82e0b8f157bdf5
- SHA512
  
  e43ade0454d6a9a46341aaddf7eaa5dc44087be7db43d811381ff6f2d8ef13fec207049777da689791b9fafb74bd735da772c982b7071d86a3c3c9c78e46be38
- SSDEEP
  
  96:frr71wkKH4Hv40qH2lIowL+mx1H0872TpaLcjJ8Q20S7:frEH4Hv40qHIIXLVV72gcjc7
Score

1^/10
behavioral30
- Target
  
  locales/resources/Data/Managed/UnityEngine.LocalizationModule.dll
- Size
  
  6KB
- MD5
  
  392f2001240ab07c011ce2fcaf4ec93b
- SHA1
  
  1d08f03e6234a84788dc5aa2b3aad6ae2ba5ead3
- SHA256
  
  b1f8b8101e99c312448e2011e1afa6025d34faa0c6468484397d1cfa109b7146
- SHA512
  
  6915366ae0cc698b15848af2c0d5f2c5635fbd4d165a7dea4c37843e2a7116750f98bace748171e06e0d8701f454bc969da94635cc1f43fc86fce6037bbf90db
- SSDEEP
  
  48:6yJig8gq02dApbJqeCx+er+qmr2+e0fxY8mTByEV33aLcjJnqn5gsoOPulF/o0T1:9ig8gq0KYdCAej+JhEaLcjBaQXo0TQT
Score

1^/10
behavioral31
- Target
  
  locales/resources/Data/Managed/UnityEngine.Networking.dll
- Size
  
  250KB
- MD5
  
  c0f563d141f67d17eb1364bb7e3c2690
- SHA1
  
  840cd5373b1df73f8bc11736f407485cdc56c41a
- SHA256
  
  5d44c7bdf640be9cd3139f2d3565a1c652a2e8a7e533540b5ac78718b5a90067
- SHA512
  
  97e754f8a332f31dc1aa6b501cf358cbaa4f038c50cd3546f416bd10df0c5c922bd91afabf531ac6f9f19f3746ae809cab172d5a901bac1cb4a30aa99c1e1b43
- SSDEEP
  
  6144:PjKeO0vRwfWPdwRCcAONC8BHrLOKTur+4NgHdVq8k:PZ5RwfWPuTdVq8
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Detect Vidar Stealer

Vidar family

Reads data files stored by FTP clients

Unsecured Credentials: Credentials In Files

Checks installed software on the system

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext

Event Triggered Execution: Component Object Model Hijacking

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32