General
Target: 9202332b09585cbbe52f079128a9522a7c46dea6fbccca7f1eca9f15a77c46ac
Size: 1.8MB
Sample: 220731-fszksaafdp
MD5: a97637c00b071d2bdea37f13225e84f9
SHA1: 627e3e1264772b88d1589e32d1da5ac636d161fc
SHA256: 9202332b09585cbbe52f079128a9522a7c46dea6fbccca7f1eca9f15a77c46ac
SHA512: 8d3adacb7fde7de3e021894c02b87088c862636ef3b2d534ab92eda25ac4a28a702cfbb9517c772d3867feb181144a0a2d02e33fe6cd541a5c79151ef7c600ab
Static task: static1
Behavioral task: behavioral1
Sample: 9202332b09585cbbe52f079128a9522a7c46dea6fbccca7f1eca9f15a77c46ac.exe
Resource: win7-20220715-en
Malware Config
Extracted
- vidar
- 13.7
- 223
- http://keitbeschutzen.com/
- profile_id: 223
Targets
Target: 9202332b09585cbbe52f079128a9522a7c46dea6fbccca7f1eca9f15a77c46ac
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Vidar Stealer
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger