General
Target: 3cc86dcff59b717324ebef671b4772107fb9950a73528019d4484773932b5a71
Size: 2.0MB
Sample: 220115-pjb8kaebe6
MD5: 839d7dbac7284c842dde27b8d3a3528d
SHA1: 530ee428d5925328f6f9a813a7529c697553350e
SHA256: 3cc86dcff59b717324ebef671b4772107fb9950a73528019d4484773932b5a71
SHA512: 2c96d266b7a9362d451ab203687983d8477c67e30f9999a6b51f11126d6f848b0c5cac4844c250585b4cca8f87299e6345952b7b2e982db5d88a1523a619bf35
Static task: static1
Malware Config
Extracted
Family: vidar
Version: 49.6
Botnet (profile_id): 1120
C2: https://noc.social/@banda5ker
C2: https://mastodon.social/@banda6ker
The two C2 entries are Mastodon profile URLs rather than the panel itself: Vidar fetches these profiles and reads its live C2 address out of the profile bio (a dead-drop resolver). Blocking the profiles breaks the initial check-in, but the operator can re-point the bio or register new accounts at no cost, so the real C2 host is the indicator worth extracting from a dynamic run.
Targets
Target: 3cc86dcff59b717324ebef671b4772107fb9950a73528019d4484773932b5a71 (2.0MB; same sample and hashes as listed under General)
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
Looks for the HKLM\HARDWARE\ACPI table subkeys that carry VirtualBox's OEM identifier; a match typically makes the sample exit or idle before it unpacks the stealer, so a stock VirtualBox guest will yield an incomplete trace.
- Vidar Stealer
- Downloads MZ/PE file
Retrieves an additional executable (MZ header) over the network, consistent with Vidar fetching its dependency DLLs from the C2.
- Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
Loads a DLL the process itself wrote to disk.
- Suspicious use of NtSetInformationThreadHideFromDebugger
Calling NtSetInformationThread with the ThreadHideFromDebugger class stops the thread from delivering debug events, so an attached debugger loses visibility of it (anti-debug).
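The two registry signatures above (ACPI VirtualBox keys and BIOS information) describe checks the sample runs; the following is an added example, not code from the sample or from the sandbox report, that performs the same checks as detection logic so an analyst can confirm an analysis VM no longer exposes them. The registry paths are the standard HKLM\HARDWARE locations read by VM-detection code; the two snapshots at the bottom are constructed (illustrative strings for a stock VirtualBox guest and for a Dell bare-metal host), and the live reader only works on Windows.

```python
"""Anti-VM registry checks of the kind the sandbox flagged, expressed as
detection logic a practitioner can run against a hardened analysis VM.
Added example; not code from the sample or from the sandbox report."""
from typing import Dict, List, Optional, Set, Tuple

BIOS = r"HARDWARE\DESCRIPTION\System\BIOS"
SYS = r"HARDWARE\DESCRIPTION\System"

# Values that VM-detection code reads from HKLM (the "BIOS information" check).
BIOS_VALUES: List[Tuple[str, str]] = [
    (BIOS, "SystemManufacturer"),
    (BIOS, "SystemProductName"),
    (BIOS, "BIOSVendor"),
    (SYS, "SystemBiosVersion"),
    (SYS, "VideoBiosVersion"),
]
# ACPI table keys that exist only when the firmware OEM ID is VirtualBox's
# ("VBOX  "); the mere existence of the key is the indicator.
ACPI_KEYS: List[str] = [
    r"HARDWARE\ACPI\DSDT\VBOX__",
    r"HARDWARE\ACPI\FADT\VBOX__",
    r"HARDWARE\ACPI\RSDT\VBOX__",
]
# Substrings typical of hypervisor firmware strings. Matching is deliberately
# as coarse as the malware's own checks ("xen" would also hit "Xenon"), so
# treat hits as leads to fix in the VM, not as proof by themselves.
VM_MARKERS = ("vbox", "virtualbox", "innotek", "vmware", "qemu", "xen", "bochs", "parallels")

Snapshot = Tuple[Dict[Tuple[str, str], str], Set[str]]


def vm_indicators(values: Dict[Tuple[str, str], str], keys: Set[str]) -> List[str]:
    """Return one line per VM indicator found in a registry snapshot."""
    hits: List[str] = []
    for path, name in BIOS_VALUES:
        data = values.get((path, name))
        if data is None:
            continue
        lowered = data.lower()
        marker = next((m for m in VM_MARKERS if m in lowered), None)
        if marker:
            hits.append(f"{path}\\{name} = {data!r} (matches {marker!r})")
    present = {k.upper() for k in keys}
    for key in ACPI_KEYS:
        if key.upper() in present:
            hits.append(f"key exists: HKLM\\{key}")
    return hits


def read_live_snapshot() -> Optional[Snapshot]:
    """Read the same values from the local machine; None when not on Windows."""
    try:
        import winreg
    except ImportError:
        return None
    values: Dict[Tuple[str, str], str] = {}
    keys: Set[str] = set()
    for path, name in BIOS_VALUES:
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as k:
                data, _ = winreg.QueryValueEx(k, name)
        except OSError:
            continue
        # SystemBiosVersion / VideoBiosVersion are REG_MULTI_SZ (a list of str).
        values[(path, name)] = " ".join(data) if isinstance(data, list) else str(data)
    for key in ACPI_KEYS:
        try:
            winreg.CloseKey(winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key))
            keys.add(key)
        except OSError:
            pass
    return values, keys


# Constructed snapshots (illustrative strings, not captured from a real host):
# a stock VirtualBox guest, and a bare-metal or properly masked machine.
VIRTUALBOX_SNAPSHOT: Snapshot = (
    {
        (BIOS, "SystemManufacturer"): "innotek GmbH",
        (BIOS, "SystemProductName"): "VirtualBox",
        (BIOS, "BIOSVendor"): "innotek GmbH",
        (SYS, "SystemBiosVersion"): "VBOX   - 1",
        (SYS, "VideoBiosVersion"): "Oracle VM VirtualBox Version 6.1.30 VGA BIOS",
    },
    set(ACPI_KEYS),
)
BARE_METAL_SNAPSHOT: Snapshot = (
    {
        (BIOS, "SystemManufacturer"): "Dell Inc.",
        (BIOS, "SystemProductName"): "OptiPlex 7090",
        (BIOS, "BIOSVendor"): "Dell Inc.",
        (SYS, "SystemBiosVersion"): "DELL   - 1072009",
        (SYS, "VideoBiosVersion"): "Intel Video BIOS",
    },
    set(),
)

if __name__ == "__main__":
    live = read_live_snapshot()
    snapshot = live if live is not None else VIRTUALBOX_SNAPSHOT
    hits = vm_indicators(*snapshot)
    print("source:", "live registry" if live is not None else "constructed VirtualBox snapshot")
    print("\n".join(hits) if hits else "no VM indicators found")
```

Run it inside the analysis VM: every line it prints is a value the sample can read the same way, so each one should be masked (DMI strings via the hypervisor's firmware settings, the VBOX__ ACPI OEM ID via a custom ACPI table) before re-detonating. Zero hits only means these particular checks pass; the NtSetInformationThread anti-debug signature is a separate hurdle that a debugger-based trace still has to handle.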