General
-
Target
file.exe
-
Size
3.2MB
-
Sample
221017-k3a3dsbdgj
-
MD5
bc39def3c5716eb76d994fe4b7e597fb
-
SHA1
bdc1941fca9620d4eabbb1aa6fb1dc8862a130bd
-
SHA256
6ed5e19aac6c1cf5f1d2cd08f1db7fec2f1455fc79a9ddaa7cc45a8ce43a9fbe
-
SHA512
83d40fc0ad933004f1990b22bc300b942dabfd2c7370e9e4e57192bf154404ea6fac4abca93807f0e60af5dd1bd7dd57da8ed45990ae3dccb5f52d23f8329e97
-
SSDEEP
98304:THZ2fHyQEY0JIi4VaLGGteqp8OH7FCUGn:THIHKGi4VqGG9XFXm
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Malware Config
Extracted
vidar
55
1679
http://138.201.90.120:80
-
profile_id
1679
Targets
-
-
Target
file.exe
-
Size
3.2MB
-
MD5
bc39def3c5716eb76d994fe4b7e597fb
-
SHA1
bdc1941fca9620d4eabbb1aa6fb1dc8862a130bd
-
SHA256
6ed5e19aac6c1cf5f1d2cd08f1db7fec2f1455fc79a9ddaa7cc45a8ce43a9fbe
-
SHA512
83d40fc0ad933004f1990b22bc300b942dabfd2c7370e9e4e57192bf154404ea6fac4abca93807f0e60af5dd1bd7dd57da8ed45990ae3dccb5f52d23f8329e97
-
SSDEEP
98304:THZ2fHyQEY0JIi4VaLGGteqp8OH7FCUGn:THIHKGi4VqGG9XFXm
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-