General
-
Target
6f14c5e0caf8051d06f72a6101536cc071a2b40c6a53e8ecad925c06c456f8fa
-
Size
1.9MB
-
Sample
220725-d3tq6schg7
-
MD5
879dd7357ea74526733c6ea13003839c
-
SHA1
6a69a7c8cd7db126e2fad2de6606f3a6170a36dc
-
SHA256
6f14c5e0caf8051d06f72a6101536cc071a2b40c6a53e8ecad925c06c456f8fa
-
SHA512
d3b8c109d429e249b48c8eb2be57d6329d26fdd3db45c838096f1f063ca1e64b75a7b80cba4777acd1c871f2980db67c51a11df094efdf9edd4dfaa718193d69
Static task
static1
Behavioral task
behavioral1
Sample
6f14c5e0caf8051d06f72a6101536cc071a2b40c6a53e8ecad925c06c456f8fa.exe
Resource
win7-20220718-en
Malware Config
Extracted
vidar
13.7
223
http://keitbeschutzen.com/
-
profile_id
223
Targets
-
-
Target
6f14c5e0caf8051d06f72a6101536cc071a2b40c6a53e8ecad925c06c456f8fa
-
Size
1.9MB
-
MD5
879dd7357ea74526733c6ea13003839c
-
SHA1
6a69a7c8cd7db126e2fad2de6606f3a6170a36dc
-
SHA256
6f14c5e0caf8051d06f72a6101536cc071a2b40c6a53e8ecad925c06c456f8fa
-
SHA512
d3b8c109d429e249b48c8eb2be57d6329d26fdd3db45c838096f1f063ca1e64b75a7b80cba4777acd1c871f2980db67c51a11df094efdf9edd4dfaa718193d69
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Vidar Stealer
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-