General
Target: 7437036168.zip
Size: 2.9MB
Sample: 220520-n8gznsecbn
MD5: 459c3130ad913a4b309fd778bad0886c
SHA1: c989039a53cee7b2913f38cfee87d5eb6c9e647c
SHA256: 8d1b26a938d38b8a975d9adc512dc109af43782bc01acb0ad21528512a8d2b39
SHA512: daaf6c7151bf8fbed4c95dedfe9eabe4b4142c68b4f504ba4262d3cb758a86b101f15a6c4c332290cbf7e6b1284c5b2810d5e9f2a74e4eaf73d8b22803e7a2e7
Static task: static1
Behavioral task: behavioral1
Sample: Setup.exe
Resource: win7-20220414-en

Malware Config
Extracted: vidar
Version: 52.2
Botnet: 1281
C2: https://t.me/netflixaccsfree
profile_id: 1281
Targets
Target: Setup.exe
Size: 397.6MB
MD5: c011c5bad19774ebf56ec031387998a7
SHA1: df8a65c3b049e81f5633086ea5f66b8a5b82f435
SHA256: 330aeaaf79d476459e8808ccf795879e94d6892a1610cf4460958e790e0d0b25
SHA512: 3a393844490f399e6d851c9fbd0aa5ab5284ebc5e6cdac7094e7fb88dbed01856c0e777db619437925e6e0d4b5df700a3641b498d8e4df504f862013eab1bdb3
Signatures
- suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Vidar Stealer
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger