General
Target: 4.exe
Size: 335.3MB
Sample: 220429-stadhafhdr
MD5: e9a3562f3851dd2dba27f90b5b2d15c0
SHA1: 98be930c6674cc31c9cf7efb656f7fadb320a273
SHA256: e600b8ef36477ed37d924b1ba8deaadeab3275392ba0accd6329a11542adbaad
SHA512: 0cca077c8d12d7122b89dc1e6c60e13730e387fb194e6df6d64ae1ec9eb680d98251951d8a06d59c356d6c643fe9589be7ed22187306c47a15af8d5bf1e80740
Static task: static1
Behavioral task: behavioral1
Sample: 4.exe
Resource: win7-20220414-en
Malware Config
Extracted: vidar 51.9 1281 https://koyu.space/@ronxik123
profile_id: 1281
Targets
Target: 4.exe
Size: 335.3MB
MD5: e9a3562f3851dd2dba27f90b5b2d15c0
SHA1: 98be930c6674cc31c9cf7efb656f7fadb320a273
SHA256: e600b8ef36477ed37d924b1ba8deaadeab3275392ba0accd6329a11542adbaad
SHA512: 0cca077c8d12d7122b89dc1e6c60e13730e387fb194e6df6d64ae1ec9eb680d98251951d8a06d59c356d6c643fe9589be7ed22187306c47a15af8d5bf1e80740
- suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Vidar Stealer
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger