General
Target: FiIe_Pass_1234.zip
Size: 5.3MB
Sample: 220429-j42fasebcm
MD5: a544dfafbde1de3af68332f7f986299b
SHA1: 524c398bda11c10a7b6e5b386c0a215f0d8950d1
SHA256: 6457b347282528348505ac857ed020eea39d8a52ad904a73cb86909fd9eb0eff
SHA512: 1ea0e9afdf1e7f71deb842824cb780f672e67eab280c075d220c270c3b708adf6beab938244e018fd9e6b036f1eea369ee4d3e6ff2150c51db824f984d85d389
Static task: static1
Behavioral task: behavioral1
  Sample: Setup.exe
  Resource: win10v2004-20220414-en
Behavioral task: behavioral2
  Sample: docs/userguide.pdf
  Resource: win10v2004-20220414-en
Malware Config
Extracted: vidar
  51.9
  1281
  https://koyu.space/@ronxik123
  profile_id: 1281
Targets

Target: Setup.exe
Size: 335.3MB
MD5: e9a3562f3851dd2dba27f90b5b2d15c0
SHA1: 98be930c6674cc31c9cf7efb656f7fadb320a273
SHA256: e600b8ef36477ed37d924b1ba8deaadeab3275392ba0accd6329a11542adbaad
SHA512: 0cca077c8d12d7122b89dc1e6c60e13730e387fb194e6df6d64ae1ec9eb680d98251951d8a06d59c356d6c643fe9589be7ed22187306c47a15af8d5bf1e80740
- suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Vidar Stealer
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system (Looks up Uninstall key entries in the registry to enumerate software on the system.)
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: docs/userguide.pdf
Size: 1.6MB
MD5: de0ece964c20ce9316f17874e2ef4b8b
SHA1: 3b3b02d59b636b3f789d5af88eadd63ac9af5d0e
SHA256: 73f0f8c4e621295960fa697188ce37c8332d62f8f0e1946913fb82ed4640cc51
SHA512: 5471b4f3c721ab9c4038b23e1d41051565cd7acea998f2a9ef169f9f6c4f72ead98b65d2f785decb2278ccac0d438249c8441955336c9cf48dd0327aad38fef0
Score: 1/10