General
- Target: file.exe
- Size: 5.7MB
- Sample: 221018-x5hlgadcg9
- MD5: e814b6bccc606830610efcd899e5d724
- SHA1: b9526c1ec6442ebea5f813342251328e5e59ccb9
- SHA256: 2cf662a4d3efa315a348a9fbcaa3a8d4c1915f21d8f8841fc06b5f3c41ffc0c4
- SHA512: db5e46f1cef76effc3a24d8d7377f3e027d0b05a97cf90c1c858ed903a5d7311d842db68fbfcfa46a07c71087e0d6adf249382153e70b1ae9ce48121c7da1761
- SSDEEP: 98304:bhTFIFAaPF0f5Z8H9HoUUX3lJsPGv6l3JjCLDk63fVZaG1SrMB3Gu6RQTtTg:bh2F0R7UGkP/VtCLo6m+Wupi
Behavioral task
- behavioral1
- Sample: file.exe
- Resource: win7-20220812-en

Malware Config
Extracted
- Family: vidar
- 55
- 1679
- http://138.201.90.120:80
- profile_id: 1679
Targets
- Target: file.exe
- Size: 5.7MB
- MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger