General
- Target: 2022.rar
- Size: 4.5MB
- Sample: 221113-vz7masca65
- MD5: 1b6725fa9ad409d058a748a06411e59c
- SHA1: 7bf34048e641bc2a048c37ad6925f988d9ca4860
- SHA256: 557cbce134240c99adbc588ebfb4593e286431860f9c9c6de0d991e110915793
- SHA512: ed995d80c9637ad01a9a211cb5c12031f3dda59fa3cc41e95b465ce85ca8832797bea3a7e11322ebf8fff3f51efac0bf166657086fd7e10683632d9d4ce97c78
- SSDEEP: 98304:Gke9jjFyHpoidSk4oavHOcPbEtRjBqjwrB1H07UdSun9VSYLGWNDTp2nPYFAui8o:he9jjQHXdkPzPbEtRkjM0Uwi9VPrthDm
Static task: static1
Behavioral task: behavioral1
- Sample: Filmora 11 Full Installer/Filmora 11 Full.exe
- Resource: win7-20220812-en
Malware Config
Extracted
- Family: vidar
- Version: 55.6
- Botnet: 1679
- C2: https://t.me/seclab_new
- C2: https://github.com/smbfhrgc
- profile_id: 1679
The two C2 entries are profile pages rather than the C2 host itself: Vidar reads the current C2 address from those profiles at runtime (a dead-drop resolver), so the operator can rotate the real C2 without touching the sample, and defenders should treat the profile URLs as the stable indicator.
Targets
- Target: Filmora 11 Full Installer/Filmora 11 Full.exe
- Size: 4.5MB
- MD5: c655a3fab102c67f501d013b675a7b26
- SHA1: a67292faeec3a1fadc73df5a0e57b274e420367d
- SHA256: fc2e1a5bc3e08eb5fa0ad7bfd552ab83f925623a3556c2d4e29dc2710693aa6f
- SHA512: 40b9d38ccb124b2d9f4eadcbc693e9beee69fc3a1065dbd0c03c7bb6ffc609e53f7bd0e4801f7c3ea862ceaab306768e6f8170a4bcc8392c54f4e191813f9688
- SSDEEP: 98304:qcHuo4gUG/L2xOHdL1XbECJo+KPcAYwWMcbPR70ZpgPIOs+mxHZWt36b:qcOoVUG/Cx61XbEooNbYTV4Zpq8y38
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calls NtSetInformationThread with the ThreadHideFromDebugger information class (0x11), which stops the thread from delivering debug events to an attached debugger; a common anti-debugging technique.
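The signatures above are fired by specific registry paths and API calls the sample touches. As an added example that is not part of this report and not Triage's or Vidar's own code, the following Python script applies equivalent rules to a constructed API trace. The trace line format, the sample lines themselves and the wallet directory names are assumptions for illustration; the registry paths (HARDWARE\ACPI\DSDT\VBOX__, HARDWARE\DESCRIPTION\System\SystemBiosVersion, Control Panel\International\Geo\Nation, CurrentVersion\Uninstall) and the ThreadHideFromDebugger information class (0x11) are the real Windows values these behaviours key on.

```python
"""Map sandbox-style API trace lines onto the behaviour signatures in the report."""
import re
from collections import defaultdict

# Constructed API trace (not Triage's real log format): one "Api(arg=value, ...)" call per line.
SAMPLE_TRACE = """\
RegOpenKeyExW(hKey=HKLM, subkey=HARDWARE\\ACPI\\DSDT\\VBOX__)
RegQueryValueExW(hKey=HKLM\\HARDWARE\\DESCRIPTION\\System, value=SystemBiosVersion)
RegQueryValueExW(hKey=HKLM\\HARDWARE\\DESCRIPTION\\System, value=VideoBiosVersion)
RegQueryValueExW(hKey=HKCU\\Control Panel\\International\\Geo, value=Nation)
RegEnumKeyExW(hKey=HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall, index=0)
NtSetInformationThread(ThreadHandle=0xffffffff, ThreadInformationClass=0x11)
CreateFileW(path=C:\\Users\\user\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco)
RegQueryValueExW(hKey=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run, value=OneDrive)
"""

# (signature name as printed in the report, behaviour category, regex over one trace line).
# The registry paths and the 0x11 information class are real Windows values;
# the wallet directory names are an illustrative subset (assumption).
RULES = [
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)", "anti-analysis",
     re.compile(r"HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("Checks BIOS information in registry", "anti-analysis",
     re.compile(r"HARDWARE\\DESCRIPTION\\System\b.*value=(SystemBiosVersion|SystemBiosDate|VideoBiosVersion)\b", re.I)),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger", "anti-analysis",
     re.compile(r"^NtSetInformationThread\(.*ThreadInformationClass=0x11\b", re.I)),
    ("Checks computer location settings", "geofence",
     re.compile(r"Control Panel\\International\\Geo\b.*value=Nation\b", re.I)),
    ("Checks installed software on the system", "discovery",
     re.compile(r"\\CurrentVersion\\Uninstall\b", re.I)),
    ("Accesses cryptocurrency files/wallets, possible credential harvesting", "collection",
     re.compile(r"\\(Exodus|Electrum|Ethereum|Bitcoin|Monero)\\", re.I)),
]


def match_signatures(trace):
    """Return {signature_name: [matching trace lines]} for every rule that fires at least once."""
    hits = defaultdict(list)
    for line in trace.splitlines():
        line = line.strip()
        if not line:
            continue
        for name, _category, pattern in RULES:
            if pattern.search(line):
                hits[name].append(line)
    return dict(hits)


def categorize(hits):
    """Collapse fired signatures into behaviour categories, in rule order, without duplicates."""
    categories = []
    for name, category, _pattern in RULES:
        if name in hits and category not in categories:
            categories.append(category)
    return categories


def is_stealer_like(hits):
    """Heuristic verdict: anti-analysis checks combined with wallet/credential
    collection in one run is the pairing that makes this sample look like a stealer."""
    categories = set(categorize(hits))
    return "anti-analysis" in categories and "collection" in categories


if __name__ == "__main__":
    found = match_signatures(SAMPLE_TRACE)
    for name, lines in found.items():
        print(f"[{name}]")
        for line in lines:
            print("   ", line)
    print("categories:", categorize(found))
    print("stealer-like:", is_stealer_like(found))
```

Reading the Uninstall key or Geo\Nation is also normal installer behaviour, which is why the verdict only fires when those discovery signatures are accompanied by anti-analysis and collection behaviour in the same run; the benign Run-key read in the trace deliberately matches nothing.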