General

Target: file.exe
Size: 4.7MB
Sample: 220927-s5w2msehdm
MD5: f7b6b9cec30df72706dee2dc10b298ca
SHA1: a1a9226a08b3c9acc9ccf1657e2b0de9e6c518f1
SHA256: 39483efa8bad7c409446253722bc9ecc943554873a5952e5eff77ed8a9adfad7
SHA512: 26c92f8d8594f52be43afb02e0acbb9a75181e593be95c38ed9ceb2a95c3b524390e7e3fcb3e63672a2c3b953d856f58abd566ff4816b821b33d50daa86ebf65
SSDEEP: 98304:8iiKrWzRoNijDkluCdyboe+xzxYTORxOWI1Y8MWaEN:cKCzOijDgnylEtQS5Y
Behavioral task: behavioral1
Sample: file.exe
Resource (analysis VM image): win7-20220901-en

Malware Config

Extracted family: vidar
Version: 54.7
Botnet: 1679
C2:
- https://t.me/trampapanam
- https://nerdculture.de/@yoxhyp
profile_id: 1679

The two C2 entries are a Telegram channel page and a Mastodon profile, not the exfiltration server itself. Vidar uses such public profile pages as dead-drop resolvers: the sample fetches the page and parses the real C2 address out of the profile text at runtime, so the host that receives the stolen data does not appear in this extracted configuration.
Targets

Target: file.exe, 4.7MB (MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  A VirtualBox guest exposes ACPI tables whose OEM ID is VBOX__ under HKLM\HARDWARE\ACPI; a hit here typically makes the sample exit before it touches any data, which is why a VirtualBox-based sandbox may show no stealing activity at all.
- Checks BIOS information in registry
  BIOS strings (HKLM\HARDWARE\DESCRIPTION\System, values SystemBiosVersion and VideoBiosVersion) are often read in order to detect sandboxing environments by matching hypervisor vendor names.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence; Vidar is among the stealer families that refuse to run on systems configured for CIS locales.
- Deletes itself
  The executable removes its own file at the end of the run, so preserve the sample from its original drop location rather than from the post-run disk image.
- Loads dropped DLL
  A DLL written to disk during the run is loaded into the process; the report does not list which ones. For Vidar these are typically legitimate browser-support libraries (nss3.dll, sqlite3.dll and companions) fetched at runtime to read browser credential stores.
- Accesses cryptocurrency files/wallets, possible credential harvesting
  Wallet data files and extension storage are read, consistent with the stealer role of the identified family.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate software on the system; Vidar includes this list in the system report it exfiltrates.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops the thread from reporting debug events to an attached debugger, an anti-debugging technique that makes the sample harder to step through.
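The following PowerShell script is an added triage helper, not part of the original report and not code from the Vidar sample. It enumerates, read-only, the registry artefacts that the anti-VM, BIOS, location and installed-software signatures above refer to, so an analyst can see what this sample would see on a given analysis VM before deciding whether a detonation that produced no stealing activity was a genuine evasion. The key paths are the standard locations behind those signature names; the list of hypervisor marker strings is an assumption chosen for illustration.

```powershell
# Added example (not from the report or the sample): show what an anti-VM /
# geofence / software-enumeration routine would find on this machine.
# Runs as a normal user; nothing is written to the registry.

function Get-RegValueSafe {
    param([string]$Path, [string]$Name)
    try   { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

# Assumed marker list: vendor strings a stealer typically greps for.
$vmMarkers = 'VBOX', 'VIRTUALBOX', 'VMWARE', 'QEMU', 'BOCHS', 'XEN'

# 1. ACPI tables: a VirtualBox guest exposes tables with OEM ID VBOX__ here.
'== ACPI tables (anti-VM) =='
foreach ($table in 'DSDT', 'FADT', 'RSDT') {
    $p = "HKLM:\HARDWARE\ACPI\$table"
    if (Test-Path $p) {
        foreach ($k in Get-ChildItem -Path $p) {
            $hit = if ($k.PSChildName -like 'VBOX*') { '  <-- VirtualBox' } else { '' }
            "$table\$($k.PSChildName)$hit"
        }
    }
}

# 2. BIOS strings: hypervisors leave their vendor name in these values.
'== BIOS information =='
$sys = 'HKLM:\HARDWARE\DESCRIPTION\System'
foreach ($name in 'SystemBiosVersion', 'VideoBiosVersion', 'SystemBiosDate') {
    $v = (Get-RegValueSafe -Path $sys -Name $name) -join ' '
    $hit = if ($vmMarkers | Where-Object { $v -match $_ }) { '  <-- hypervisor string' } else { '' }
    "$name = $v$hit"
}

# 3. Location: Geo\Nation holds the numeric GeoID the user configured,
#    which is what a registry-based geofence reads.
'== Location (geofence) =='
$nation = Get-RegValueSafe -Path 'HKCU:\Control Panel\International\Geo' -Name 'Nation'
"Geo\Nation = $nation"

# 4. Installed software: the same Uninstall keys the sample enumerates,
#    including the 32-bit view and the per-user key.
'== Installed software (Uninstall keys) =='
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)
$apps = foreach ($key in $uninstallKeys) {
    if (Test-Path $key) {
        Get-ItemProperty -Path "$key\*" -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName } |
            Select-Object DisplayName, DisplayVersion
    }
}
$apps | Sort-Object DisplayName -Unique | Format-Table -AutoSize
```

If the ACPI or BIOS sections flag a hypervisor string on the VM used for detonation, the absence of wallet or browser access in a run is more likely the sample bailing out than the sample being benign; patching those values on the VM and re-running is the usual next step.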