General
- Target: Installer.exe
- Size: 7.3MB
- Sample: 220506-nt8h3scebq
- MD5: f0f3dd8d6c79540592e7959f4acc185c
- SHA1: c3ff30188af8f06ed8f1d759ae5308fe31bd26e3
- SHA256: 27c458a04be0086bfbb8c2a5e89e04e63ec7f0ad3b4f8c6efa1a19d00be70d14
- SHA512: 7d18d657df71a512e63bb4b0f6dc6a06f29965c2253409876a3be0dae76cc21021579d9fd3ad0d53afa46b4a1c4a66f5c9442ee85bde7890cfe3451dd1457351

Static task: static1

Behavioral task: behavioral1
- Sample: Installer.exe
- Resource: win7-20220414-en

Malware Config
Extracted
- Family: vidar
- 52
- 1281
- https://t.me/hollandracing
- https://busshi.moe/@ronxik321
- profile_id: 1281

Targets
- Target: Installer.exe
- Size: 7.3MB
- MD5: f0f3dd8d6c79540592e7959f4acc185c
- SHA1: c3ff30188af8f06ed8f1d759ae5308fe31bd26e3
- SHA256: 27c458a04be0086bfbb8c2a5e89e04e63ec7f0ad3b4f8c6efa1a19d00be70d14
- SHA512: 7d18d657df71a512e63bb4b0f6dc6a06f29965c2253409876a3be0dae76cc21021579d9fd3ad0d53afa46b4a1c4a66f5c9442ee85bde7890cfe3451dd1457351
- suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Vidar Stealer
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger