General
Target: Setup_Activated__PASWD__55555_[v1658787644].rar
Size: 7.2MB
Sample: 220906-q5hg5sbadm
MD5: 3f66652c48a7c84b23186605de784f2b
SHA1: 44f914f7766418d53e74a81bf50fc432a1ead2bc
SHA256: 96357fd4f3d7c2e7af393c2c9f2319b7a4474ba3b6cb731456b3f146bb8c0beb
SHA512: b7ab4130fb5861b1b3fb0568ba12310da60c2c30b68221eea65a4cdd7cbdee9d6e4ca64308c2f7f19d2f192358da31a982e11519dbb21d366a8369964682386d
SSDEEP: 196608:X9BqxKwqwCfyO6l8ASv4lJaAD3QB10MX/xuPU45g:tBqRqjfNxwlsAD3QBScS5g
Behavioral task
behavioral1
Sample: Setup/Setup.exe
Resource: win7-20220901-en
Malware Config
Extracted
vidar
53.3
1281
http://185.53.46.199:80
http://77.75.230.119:80
http://5.252.23.43:80
profile_id: 1281
Targets
Target: Setup/Setup.exe
Size: 385.9MB
MD5: 0cc8c8d79c0eb8352305dc80d4c7d28a
SHA1: e9b479a3f4b33d3ebcc41d21584fd7abc26d28e0
SHA256: 1f312cb92e5c7cc484f5c343efd701d8bb750a66be308f6aa863632a4c4a198b
SHA512: 0d0e541291bc3538d5492edb4867861ec1213167430ed0c5537d08e66d834a20a67d0cd8c839b81b0de7d6a9c3c45a661c6d7d178885cd73da7cb529408c15e3
SSDEEP: 196608:VyNOITMCu3NV65LeRg6HOHRyr8CjrESz+SEdaHB:VaOyMxdw5L+qvAESzlx

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Suspicious use of NtSetInformationThreadHideFromDebugger