General
-
Target
file.exe
-
Size
3.0MB
-
Sample
221112-qbgzhsga29
-
MD5
73af5ace32c8bb9cd5228f3cd7514c3c
-
SHA1
970079d1ff0625ada27826ad31c844b7a61ed058
-
SHA256
3e9c629c225bf857fc3183cc5f17ae5816e04f20c7d9636d5d6adac849ed2279
-
SHA512
d946ab114101912849cd8936fc80b5cddc9eff9087519ab2e4300bf4a20b620a08b5e9d2860ca8df3b25691e7fbb040b612785042cda65ed066c7f0f98717b39
-
SSDEEP
49152:D1/9eGt9VtrUePaOoo1uFDJKjtA0qXpwhz2VhJa5S2Cfnnlnz7m/gc+aap209Q3f:p/xIGVj1uZmi0qZwhO2+V7m/5C8DMw
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Malware Config
Extracted
vidar
55.6
1679
https://t.me/seclab_new
https://raw.githubusercontent.com/sebekeloytfu/simple-bash-scripts/master/calculator.sh
-
profile_id
1679
Targets
-
-
Target
file.exe
-
Size
3.0MB
-
MD5
73af5ace32c8bb9cd5228f3cd7514c3c
-
SHA1
970079d1ff0625ada27826ad31c844b7a61ed058
-
SHA256
3e9c629c225bf857fc3183cc5f17ae5816e04f20c7d9636d5d6adac849ed2279
-
SHA512
d946ab114101912849cd8936fc80b5cddc9eff9087519ab2e4300bf4a20b620a08b5e9d2860ca8df3b25691e7fbb040b612785042cda65ed066c7f0f98717b39
-
SSDEEP
49152:D1/9eGt9VtrUePaOoo1uFDJKjtA0qXpwhz2VhJa5S2Cfnnlnz7m/gc+aap209Q3f:p/xIGVj1uZmi0qZwhO2+V7m/5C8DMw
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-