General
Target: bc80b0080e33ad37df04310ad6838193bb3898b07c73bfe93dc29fd2391c4110.zip
Size: 4.0MB
Sample: 220430-hwytrsceaq
MD5: 120ef0c0862737e29bcb14151b06013e
SHA1: b31d09a95e4900bc448ef48ff8825bff6bd4b955
SHA256: bc80b0080e33ad37df04310ad6838193bb3898b07c73bfe93dc29fd2391c4110
SHA512: d0b8f23b8d6b82197455677ff9ed3daa2fb9e6691bba7b0120b05567f668d2df2672444f1be74e2068201e4c14617aa661338b0a5aefcb069dcea89f46213140
Static task: static1
Behavioral task: behavioral1
Sample: Setup.exe
Resource: win7-20220414-es
Malware Config
Extracted
Family: vidar
Version: 51.9
Botnet: 1281
C2: https://koyu.space/@ronxik123
Attributes: profile_id 1281
Targets
Target: Setup.exe
Size: 338.0MB
MD5: 039cda4ee2414dd98e00b4a13f7b4a54
SHA1: 0c925e9e8122cb757201e7986de2773c565cd267
SHA256: 5dcf1ea5f6ae515c13ede6e24e55105b06b4cc055ee677f41cdf0af9adf9ef16
SHA512: 4b2aa2a54abb8631d6acd5922fcb45c5b1574c87df59f82f8428c79dc9a054e9da3e56e9127b0d0167bf27c6595824e3d15cd9d41025f25db3de28cbc25de76d
suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Vidar Stealer
Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of NtSetInformationThreadHideFromDebugger