General
-
Target
Unlock_App_v1.4.exe
-
Size
368KB
-
Sample
241223-smdscatjcl
-
MD5
210db5e5a7134750116ac59759272548
-
SHA1
843f55b07a3431e2e7da1fb6c2d50dd274e7c63d
-
SHA256
e5394a5a176beb88c9b567a407df944218889ed97bc52ecd20c20a92231afb4c
-
SHA512
51c05e3f31224e74b9e46bac0bb378be08fdece22a41867f2e18babb40d9805b57284249430f17f78ece4a29bf21293810135d3b245d0508fba21f92dbd6c5ba
-
SSDEEP
6144:/uB9dXjK8N6TZx84iRp5YSJIbD29uTsxkfbaonXYQQIPcZ+9A2gtvQYSw7yCz:/uB9du8NOZx84E5YoSfbLDQIm+W2gtvV
Malware Config
Targets
-
-
Target
Unlock_App_v1.4.exe
-
Size
368KB
-
MD5
210db5e5a7134750116ac59759272548
-
SHA1
843f55b07a3431e2e7da1fb6c2d50dd274e7c63d
-
SHA256
e5394a5a176beb88c9b567a407df944218889ed97bc52ecd20c20a92231afb4c
-
SHA512
51c05e3f31224e74b9e46bac0bb378be08fdece22a41867f2e18babb40d9805b57284249430f17f78ece4a29bf21293810135d3b245d0508fba21f92dbd6c5ba
-
SSDEEP
6144:/uB9dXjK8N6TZx84iRp5YSJIbD29uTsxkfbaonXYQQIPcZ+9A2gtvQYSw7yCz:/uB9du8NOZx84E5YoSfbLDQIm+W2gtvV
Score10/10-
Detect Vidar Stealer
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Vidar family
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-