General
-
Target
file.exe
-
Size
3.2MB
-
Sample
221010-1rlyhsdefp
-
MD5
21c4865673cc339ddd94dcc917c575ee
-
SHA1
036194acd32f8e65c5077e89336ee596075484e2
-
SHA256
1a12d9c9ac19873abafa62c6d37eb8c31495a0818e8aa99987b41126cd31cd02
-
SHA512
10aab10d3dca2611cc3c2b719aa5d50c46992147f126fa2e20843b2f82620052a98f56e999675e793d6de0be505a5d79e7746dacabeb56fce46b62657be4683b
-
SSDEEP
49152:s6U1gC9btl/jP+C+CmGFhtsN7fTROWBtKqycrCqH4fHrrh4cw:S9xl7P+CnmGFhtubt0JqSHZ4cw
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Malware Config
Extracted
vidar
55
1679
https://t.me/truewallets
https://mas.to/@zara99
http://116.203.10.3:80
-
profile_id
1679
Targets
-
-
Target
file.exe
-
Size
3.2MB
-
MD5
21c4865673cc339ddd94dcc917c575ee
-
SHA1
036194acd32f8e65c5077e89336ee596075484e2
-
SHA256
1a12d9c9ac19873abafa62c6d37eb8c31495a0818e8aa99987b41126cd31cd02
-
SHA512
10aab10d3dca2611cc3c2b719aa5d50c46992147f126fa2e20843b2f82620052a98f56e999675e793d6de0be505a5d79e7746dacabeb56fce46b62657be4683b
-
SSDEEP
49152:s6U1gC9btl/jP+C+CmGFhtsN7fTROWBtKqycrCqH4fHrrh4cw:S9xl7P+CnmGFhtubt0JqSHZ4cw
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-