General
Target: a5c87433df7f9a01cd7140d0882e6f227c62076b14d92f6fd9ab3e0570b596ee.rar
Size: 3.2MB
Sample: 220506-b88feabghr
MD5: 98b6b7b2846555b674409f040430ec72
SHA1: fc83deca0cf7448ea1e4d6bd14a28f1c37690adc
SHA256: a5c87433df7f9a01cd7140d0882e6f227c62076b14d92f6fd9ab3e0570b596ee
SHA512: a3066719c5420c790ddef515bcfa28e19435a98922efc0be7c0ebb2f23581e9a55ec2a97f0df970cf0b4360970356f71b4998ee21366c4b5ea043f1b0ff0e13c
Static task: static1
Behavioral task: behavioral1
Sample: Setup.exe
Resource: win7-20220414-en
Malware Config
Extracted:
vidar
52
1281
https://t.me/hollandracing
https://busshi.moe/@ronxik321
profile_id: 1281
Targets
Target: Setup.exe
Size: 344.0MB
MD5: 92c1feb5ee0d3203e8b4ef4967542fd7
SHA1: 109f5d4c1dc6a3abcd18fa3cb3fb9c59de9c9251
SHA256: 1a5c3c000bb09f9c08069696c437f6d5139d101c9bf0e0668ec0bda35d64f626
SHA512: fd3053dbbec45473a3e107ea3ca1c09035772c101680af43ed3c0df5c24c82528f00f34d8414f914acd24bf433130bae041578d308e915707db2985739c160e8
Signatures:
suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Vidar Stealer
Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system (Looks up Uninstall key entries in the registry to enumerate software on the system.)
Suspicious use of NtSetInformationThreadHideFromDebugger