General

Target: 1.exe
Size: 334.9MB
Sample: 220429-r9gxvafgbq
MD5: da82d43043c101f25633c258f527c9d5
SHA1: 75c80701c253990fd6bd60a76c96315be9c30b6a
SHA256: 8a2a200ae56ff80f9d861d72f9ad8f5d3d57bf8ae600e5b376a6e2bb89996dfd
SHA512: cf032783137f1a577bb144d42e8479d65394f1e203f5ccb25e2e034eca189009d284d618de378396a52fc8f9e4d7c8b15c6edcce2f301ade1515f260f1f9ab08

334.9MB is far larger than a stealer payload needs to be; binaries are often inflated with padding to exceed scanner and sandbox upload limits, so inspect the overlay before assuming the actual payload is this large.

Static task: static1
Behavioral task: behavioral1 (sample 1.exe, analysis image win7-20220414-en)
Malware Config

Extracted family: vidar
Version: 51.9
profile_id: 1281
C2 profile URL: https://koyu.space/@ronxik123

Vidar does not embed its C2 address directly: it fetches a profile page on a public service (here a Mastodon account on koyu.space) and parses the server address out of the profile text. The URL above is therefore a dead drop, and the live C2 has to be resolved from the page content at analysis time; it can change without the sample changing.
Targets

Target: 1.exe (334.9MB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures

Suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
Identifies VirtualBox via ACPI registry values (likely anti-VM)
VirtualBox guests expose VBOX__ entries under HKLM\HARDWARE\ACPI (DSDT, FADT, RSDT); reading them is a standard virtual-machine check used to abort execution inside a sandbox.

Vidar Stealer
Family detection for the Vidar information stealer; the extracted configuration is shown under Malware Config.

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments, since virtualised BIOS strings identify the hypervisor.

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence: stealers of this kind commonly exit on certain locales.

Deletes itself
Removes its own executable after execution, which hinders recovery of the original file from the infected host.

Loads dropped DLL
Loads a DLL written to disk during execution. Vidar typically retrieves and loads the SQLite and Mozilla NSS libraries it needs to read browser credential and cookie stores.

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of NtSetInformationThreadHideFromDebugger
Calls NtSetInformationThread with the ThreadHideFromDebugger information class (0x11), after which the thread no longer delivers debug events to an attached debugger; this is an anti-debugging measure.
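As an added example (this is not Triage's detection code and nothing from the sample), the following script shows how behavioural signatures of the kind listed above are derived from a sandbox event trace, covering both the registry-based checks (anti-VM ACPI keys, BIOS strings, locale lookup, Uninstall enumeration) and the API-based anti-debug call in one classifier. The trace format "<pid> <event> <argument>" and the sample lines are constructed for illustration; the registry paths are the standard Windows locations each check reads, and 0x11 is the documented ThreadHideFromDebugger class value for NtSetInformationThread.

```python
"""Derive behavioural signatures from a sandbox event trace.

Added example (not Triage's detection code and nothing from the sample):
the trace format "<pid> <event> <argument>" and the sample lines below are
constructed for illustration. The registry paths are the standard Windows
locations each check reads, and 0x11 is the documented value of the
ThreadHideFromDebugger information class for NtSetInformationThread.
"""
import re
from collections import defaultdict

REG_OPS = {"RegOpenKey", "RegQueryValue", "RegEnumKey", "RegEnumValue"}

# (signature name, event names it applies to, regex over the event argument)
SIGNATURES = [
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)", REG_OPS,
     r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__"),
    ("Checks BIOS information in registry", REG_OPS,
     r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|VideoBiosVersion|SystemBiosDate)$"),
    ("Checks computer location settings", REG_OPS,
     r"^HKCU\\Control Panel\\International\\Geo\\Nation$"),
    ("Checks installed software on the system", REG_OPS,
     r"^HKLM\\SOFTWARE\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)"),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger", {"ApiCall"},
     r"^NtSetInformationThread\(.*ThreadInformationClass=0x11\b"),
]

LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<event>\w+)\s+(?P<arg>.+)$")


def classify_event(event, arg):
    """Return the names of all signatures matched by one trace event."""
    return [name for name, events, pattern in SIGNATURES
            if event in events and re.search(pattern, arg, re.IGNORECASE)]


def scan(lines):
    """Parse trace lines; return {pid: {signature name: [matching arguments]}}."""
    hits = defaultdict(lambda: defaultdict(list))
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the whole scan
        for name in classify_event(m["event"], m["arg"]):
            hits[int(m["pid"])][name].append(m["arg"])
    return {pid: dict(sigs) for pid, sigs in hits.items()}


# Constructed trace: one process performing the checks from this report,
# plus an unrelated registry read from another process and a malformed line.
SAMPLE_TRACE = r"""
1234 RegOpenKey HKLM\HARDWARE\ACPI\DSDT\VBOX__
1234 RegQueryValue HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion
1234 RegQueryValue HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion
1234 RegQueryValue HKCU\Control Panel\International\Geo\Nation
1234 RegEnumKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
1234 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{GUID}\DisplayName
1234 ApiCall NtSetInformationThread(ThreadHandle=0xfffffffe, ThreadInformationClass=0x11)
5678 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
this line is not a trace event
""".strip().splitlines()


if __name__ == "__main__":
    for pid, sigs in sorted(scan(SAMPLE_TRACE).items()):
        print(f"pid {pid}:")
        for name, args in sigs.items():
            print(f"  {name}  ({len(args)} event(s))")
```

Running the script lists every signature for pid 1234 and nothing for pid 5678, whose Explorer read matches no pattern. The event-name filter matters: a registry path that happens to contain "NtSetInformationThread" must not trigger the API signature, and an API argument must not trigger a registry one, so each pattern is only tried against the event types it was written for.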