General
Target: Setup.exe
Size: 351.8MB
Sample: 220510-at6gtseec7
MD5: db1096d80b5ae4b669ac4d5df294c519
SHA1: 3c5af986c1a111a926e6c085e176c67a9f25fc7e
SHA256: 6a47170fff01879e1bfd00ed90dc2b79df5314bd7e81e3883c431aa308c4357f
SHA512: a494fb4dc45247604e0678090243f4f354a440aefc20e70943bad70e9b969605f7ab9bbb06d0a995150ff5b144ffce5181f8cbfc33d0d41a1b972d0842d6edd6
Static task: static1
Behavioral task: behavioral1
Sample: Setup.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: vidar
Version: 52
Botnet: 1281
C2:
https://t.me/hollandracing
https://busshi.moe/@ronxik321
Attributes:
profile_id: 1281
Targets
Target: Setup.exe
Size: 351.8MB
MD5: db1096d80b5ae4b669ac4d5df294c519
SHA1: 3c5af986c1a111a926e6c085e176c67a9f25fc7e
SHA256: 6a47170fff01879e1bfd00ed90dc2b79df5314bd7e81e3883c431aa308c4357f
SHA512: a494fb4dc45247604e0678090243f4f354a440aefc20e70943bad70e9b969605f7ab9bbb06d0a995150ff5b144ffce5181f8cbfc33d0d41a1b972d0842d6edd6
Signatures
- suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Vidar Stealer
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger