General
- Target: Setup.exe
- Size: 344.3MB
- Sample: 220517-najqlsahh9
- MD5: 98951a9350a223c31798ececed56e243
- SHA1: 5e36293e8db767a777060c3c3cdb597133c64e00
- SHA256: cf200fb6b9bd7938fe810a5b1bf7b20f90b805e91529b6d5964d25b230f052a1
- SHA512: b66d8e05ea061448d201e6332f3d7056197ac7b0a57f9210b99e6e9cf6cc866ad21c5489693521c96815adb3d3020d2648ed919708c1656bf3e292bc645e7c9b
Static task: static1
Behavioral task: behavioral1
- Sample: Setup.exe
- Resource: win7-20220414-en
Malware Config
Extracted:
- vidar
- 52.1
- 1281
- https://t.me/verstappenf1r
- profile_id: 1281
Targets
- Target: Setup.exe
- Size: 344.3MB
- MD5: 98951a9350a223c31798ececed56e243
- SHA1: 5e36293e8db767a777060c3c3cdb597133c64e00
- SHA256: cf200fb6b9bd7938fe810a5b1bf7b20f90b805e91529b6d5964d25b230f052a1
- SHA512: b66d8e05ea061448d201e6332f3d7056197ac7b0a57f9210b99e6e9cf6cc866ad21c5489693521c96815adb3d3020d2648ed919708c1656bf3e292bc645e7c9b
- suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Vidar Stealer
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger