General

Target: 06fe57cadb837a4e3b47589e95bb01aec1cfb7ce62fdba1f4323bb471591e1d2.bin
Size: 407.8MB
Sample: 221114-1c7axaab5s
MD5: 7a4ab857659a40a69c0d29650d991a79
SHA1: 34313010b49837b93df1164071fd8a0f50c88119
SHA256: 06fe57cadb837a4e3b47589e95bb01aec1cfb7ce62fdba1f4323bb471591e1d2
SHA512: 634decd7f17e82c92b54cd6e52753242de16249f4d9358c6c896cea4532c2c5069a85e5e8f9d8877a2b5ab50ea0e2de20f7fe925fc7aefab54f1c5f2dbf08ede
SSDEEP: 98304:B5Sn52sYtLDfSR654zrPp8/Rq3ZEVkERxCFJiT0Gu4ueeZk:w4sxR65OpsEZEVjvMJiAMutk

Note: 407.8MB is far larger than a stealer payload needs to be. The usual cause is appended padding meant to push the file past the size limits of AV uploads and sandboxes; it also makes the fuzzy hash (SSDEEP) far less useful for clustering, since the padding dominates it. Match on the cryptographic hashes above, and expect trimmed or re-padded variants of the same payload to hash differently.
Malware Config

Extracted family: vidar
Version: 53.4
Profile ID: 1364
C2 dead-drop URLs (the sample fetches its real C2 address from these profile pages rather than carrying it in the binary):
https://t.me/cheaptrains
https://mastodon.social/@ffolegg94
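As an added example (not part of the report), the extracted config above turned into network indicators and run over a few constructed proxy log lines. It assumes the two URLs are dead-drop resolvers, so the full URL is the indicator; because t.me and mastodon.social are legitimate services, a host-only match (which is all a forward proxy sees for a TLS CONNECT tunnel) is reported as a weak signal rather than a verdict. The dictionary and function names, the Squid-style log layout and the log lines themselves are my own constructions.

```python
"""Added example, not part of the report: turn the extracted Vidar config into
network indicators and run them over proxy log lines.

Assumption: the two URLs are dead-drop resolvers (Vidar reads its real C2
address from the linked Telegram channel / Mastodon profile), so the indicator
is the full URL.  t.me and mastodon.social are legitimate services, so a
host-only match is treated as a weak signal, not a verdict.
"""
import re
from urllib.parse import urlparse

# Values copied from the "Malware Config" section of the report.
VIDAR_CONFIG = {
    "family": "vidar",
    "version": "53.4",
    "profile_id": "1364",
    "dead_drops": [
        "https://t.me/cheaptrains",
        "https://mastodon.social/@ffolegg94",
    ],
}

# Squid-style access log: time elapsed client code/status bytes method url ...
LOG_LINE = re.compile(r"^\S+\s+\d+\s+(\S+)\s+\S+\s+\d+\s+(\S+)\s+(\S+)")

# Constructed sample lines (not real traffic).  Lines 2 and 4 carry full URLs,
# which a forward proxy only sees with TLS inspection; line 1 is what it sees
# otherwise: a CONNECT tunnel to the host.  Line 3 is a benign t.me visit.
SAMPLE_LOG = """\
1668384001.201     45 10.0.0.15 TCP_TUNNEL/200 6210 CONNECT mastodon.social:443 - HIER_DIRECT/1.2.3.4 -
1668384002.417    120 10.0.0.15 TCP_MISS/200 8900 GET https://mastodon.social/@ffolegg94 - HIER_DIRECT/1.2.3.4 text/html
1668384003.009     30 10.0.0.22 TCP_MISS/200 4100 GET https://t.me/someotherchannel - HIER_DIRECT/5.6.7.8 text/html
1668384004.550     33 10.0.0.22 TCP_MISS/200 4300 GET https://t.me/cheaptrains/ - HIER_DIRECT/5.6.7.8 text/html
1668384005.777     10 10.0.0.31 TCP_MISS/200 1200 GET http://example.com/index.html - HIER_DIRECT/9.9.9.9 text/html
"""


def iocs_from_config(config):
    """(host, path) pairs for each dead-drop URL; trailing slashes are dropped."""
    pairs = []
    for url in config["dead_drops"]:
        u = urlparse(url)
        pairs.append((u.netloc.lower(), u.path.rstrip("/")))
    return pairs


def classify_request(method, url, iocs):
    """'strong' when host and path match a dead-drop, 'weak' when only the host
    of a CONNECT tunnel matches (TLS hides the path), else None."""
    hosts = {host for host, _ in iocs}
    if method == "CONNECT":
        host = url.rsplit(":", 1)[0].lower()
        return "weak" if host in hosts else None
    u = urlparse(url)
    return "strong" if (u.netloc.lower(), u.path.rstrip("/")) in iocs else None


def scan_log(lines, iocs):
    """Return (client, level, url) for every line that touches a dead-drop."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        client, method, url = m.groups()
        level = classify_request(method, url, iocs)
        if level:
            hits.append((client, level, url))
    return hits


if __name__ == "__main__":
    for client, level, url in scan_log(SAMPLE_LOG.splitlines(), iocs_from_config(VIDAR_CONFIG)):
        print(f"{level:6} {client:12} {url}")
```

The weak/strong split is the practical point: without TLS inspection the proxy only ever produces the weak form, and every legitimate Mastodon or Telegram user on the network will generate it, so the full-URL match has to come from endpoint telemetry (browser history, EDR URL events) or from an inspecting proxy.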
Targets

Target: 06fe57cadb837a4e3b47589e95bb01aec1cfb7ce62fdba1f4323bb471591e1d2.bin (407.8MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)

Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Vidar Stealer
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger. Setting the ThreadHideFromDebugger information class (0x11) on a thread stops the kernel from delivering that thread's debug events to an attached debugger, a common anti-debugging step.
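As an added example (my code, not the sample's and not from the report), the three anti-analysis checks above re-implemented so an analyst can test whether a lab VM would be spotted by them. The registry locations are the well-known VirtualBox artifacts (the report does not say which of them the sample actually reads); the function and constant names are mine. Registry access is injected so the logic runs offline against a constructed in-memory registry; live_registry() and hide_current_thread() need Windows.

```python
"""Added example, not the sample's code: re-implement the anti-analysis checks
the report flags so an analyst can test whether a lab VM would be spotted.

The registry locations are the well-known VirtualBox artifacts; the report does
not say which of them the sample reads.  Registry access is injected so the
logic runs offline against a constructed registry; live_registry() and
hide_current_thread() need Windows.
"""
import ctypes
import sys
from typing import Callable, Dict, List, Optional

# ACPI table keys VirtualBox exposes under HKLM (OEM ID "VBOX__").
ACPI_VBOX_KEYS = [
    r"HARDWARE\ACPI\DSDT\VBOX__",
    r"HARDWARE\ACPI\FADT\VBOX__",
    r"HARDWARE\ACPI\RSDT\VBOX__",
]

# (key, value name) -> substrings that betray VirtualBox, compared case-insensitively.
BIOS_INDICATORS = {
    (r"HARDWARE\DESCRIPTION\System\BIOS", "SystemManufacturer"): ("innotek", "oracle"),
    (r"HARDWARE\DESCRIPTION\System\BIOS", "SystemProductName"): ("virtualbox",),
    (r"HARDWARE\DESCRIPTION\System\BIOS", "BIOSVendor"): ("innotek",),
    (r"HARDWARE\DESCRIPTION\System", "SystemBiosVersion"): ("vbox",),
    (r"HARDWARE\DESCRIPTION\System", "VideoBiosVersion"): ("virtualbox",),
}

KeyExists = Callable[[str], bool]
ReadValue = Callable[[str, str], Optional[str]]


def detect_virtualbox(key_exists: KeyExists, read_value: ReadValue) -> List[str]:
    """Return one line per indicator found; an empty list means the VM passed."""
    found = []
    for key in ACPI_VBOX_KEYS:
        if key_exists(key):
            found.append(f"ACPI key present: HKLM\\{key}")
    for (key, name), needles in BIOS_INDICATORS.items():
        data = read_value(key, name)
        if data is None:
            continue
        for needle in needles:
            if needle in data.lower():
                found.append(f"HKLM\\{key}\\{name} = {data!r} (contains {needle!r})")
                break
    return found


def fake_registry(tree: Dict[str, Dict[str, str]]):
    """Readers over a constructed in-memory registry {key: {value: data}}."""
    return (lambda key: key in tree,
            lambda key, name: tree.get(key, {}).get(name))


def live_registry():
    """Readers over the real HKLM hive (Windows only; winreg imported lazily)."""
    import winreg

    def key_exists(key):
        try:
            winreg.CloseKey(winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key))
            return True
        except OSError:
            return False

    def read_value(key, name):
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as handle:
                data, _ = winreg.QueryValueEx(handle, name)
        except OSError:
            return None
        # REG_MULTI_SZ values such as SystemBiosVersion come back as a list.
        return " ".join(data) if isinstance(data, list) else str(data)

    return key_exists, read_value


THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS ThreadHideFromDebugger


def hide_current_thread() -> bool:
    """Detach the calling thread from debugger notifications, then read the flag
    back: a tool that only stubs NtSetInformationThread is caught because the
    query still reports the thread as not hidden.  Windows only."""
    if sys.platform != "win32":
        raise OSError("ThreadHideFromDebugger is a Windows NT API")
    ntdll, kernel32 = ctypes.WinDLL("ntdll"), ctypes.WinDLL("kernel32")
    kernel32.GetCurrentThread.restype = ctypes.c_void_p
    ntdll.NtSetInformationThread.argtypes = [ctypes.c_void_p, ctypes.c_uint, ctypes.c_void_p, ctypes.c_ulong]
    ntdll.NtSetInformationThread.restype = ctypes.c_long
    ntdll.NtQueryInformationThread.argtypes = [ctypes.c_void_p, ctypes.c_uint, ctypes.c_void_p, ctypes.c_ulong, ctypes.c_void_p]
    ntdll.NtQueryInformationThread.restype = ctypes.c_long
    thread = kernel32.GetCurrentThread()  # pseudo-handle, no CloseHandle needed
    if ntdll.NtSetInformationThread(thread, THREAD_HIDE_FROM_DEBUGGER, None, 0) != 0:
        return False
    hidden = ctypes.c_ubyte(0)  # the query fills a one-byte BOOLEAN
    status = ntdll.NtQueryInformationThread(
        thread, THREAD_HIDE_FROM_DEBUGGER, ctypes.byref(hidden), ctypes.sizeof(hidden), None)
    return status == 0 and hidden.value == 1


if __name__ == "__main__":
    if sys.platform == "win32":
        for line in detect_virtualbox(*live_registry()) or ["no VirtualBox registry indicators"]:
            print(line)
        print("thread hidden from debugger:", hide_current_thread())
    else:
        print("registry and thread checks need Windows; use fake_registry() offline")
```

Run it inside the analysis VM: any line printed by detect_virtualbox is a value to patch (VirtualBox's DMI/ACPI strings are configurable with VBoxManage setextradata), and a False from hide_current_thread under a debugger means the anti-anti-debug layer is stubbing the Set call without faking the Query, which is exactly the inconsistency a sample can look for.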