General
- Target: file.exe
- Size: 2.0MB
- Sample: 221115-xalpmsfc39
- MD5: c73f442f781b12bf1c37f9bd580eb835
- SHA1: 994ad6dba50348b974c5e267b47528022f8df1c3
- SHA256: 234c1a6aa873bd2e02df3f7e52cad468e0a017b345994cc22e93a44a4748c2e0
- SHA512: 70334c271bb83cb42eab052b1ee282a10e9bf9a6e63e6fc099350435ef5bfdc4e7ff0978b6475eaf0ffda1a698a6c24f21a44f8898faf175bce8ec78fb50f50c
- SSDEEP: 49152:4GMElJ+BnVkMZJzYVl4HkmKKcBkBcti5kagWYey9jK3CnC7MT:KBn2M48HkA2dJWtys3C9
Behavioral task
- behavioral1
- Sample: file.exe
- Resource: win7-20221111-en
Malware Config
Extracted
- Family: vidar
- Version: 55.7
- Botnet: 1679
- C2:
  https://t.me/deadftx
  https://www.ultimate-guitar.com/u/smbfupkuhrgc1
- profile_id: 1679
Targets
- Target: file.exe
- Size: 2.0MB
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger