General
Target: Installer.exe
Size: 364.9MB
Sample: 220506-qtvy4ahhe5
MD5: 6f4a55e3149cdaeee406f45159143ad3
SHA1: 8b78b75db208bc8830bc6ee4a336c4a6924ad162
SHA256: db3a04ac7c84019a5cea15908ee835b1a76acb289f3657bb8aeddfe780ae9885
SHA512: f5134c9f08493b1f16cba0bb2c77663358908305eb865df8928e425bd4b710416f16b9fc149122bc25184e26e9f605b08121ff701ba56bd56b3c08036ba61d8d
Static task: static1
Behavioral task: behavioral1
Sample: Installer.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: vidar
52
1281
https://t.me/hollandracing
https://busshi.moe/@ronxik321
profile_id: 1281
Targets
Target: Installer.exe
- suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Vidar Stealer
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger