General
Target: 4c1e9b5895afa60b277001df0b89ec7e7721b7831ca4f5fb354263251bd4cc40
Size: 376.1MB
Sample: 220718-ll6y6sccaj
MD5: 02f8796facf43ac43e88251e248bdd6a
SHA1: e30cd6e687a5fa480e6273e5c5648ce8143e25e9
SHA256: 4c1e9b5895afa60b277001df0b89ec7e7721b7831ca4f5fb354263251bd4cc40
SHA512: 9145dd598019b1a42988f5efe155a4e64a97b38165ebb6f9623418ec560a74732580e929ef8dd8e69306e49751a030fe8c5fe1cff5b5066208eb3c02fff3f0e2
Behavioral task
behavioral1
Sample: 4c1e9b5895afa60b277001df0b89ec7e7721b7831ca4f5fb354263251bd4cc40.exe
Resource: win7-20220414-en
Malware Config
Targets
Target: 4c1e9b5895afa60b277001df0b89ec7e7721b7831ca4f5fb354263251bd4cc40
Size: 376.1MB
MD5: 02f8796facf43ac43e88251e248bdd6a
SHA1: e30cd6e687a5fa480e6273e5c5648ce8143e25e9
SHA256: 4c1e9b5895afa60b277001df0b89ec7e7721b7831ca4f5fb354263251bd4cc40
SHA512: 9145dd598019b1a42988f5efe155a4e64a97b38165ebb6f9623418ec560a74732580e929ef8dd8e69306e49751a030fe8c5fe1cff5b5066208eb3c02fff3f0e2
- suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Vidar Stealer
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger