General
- Target: Ip_scanner.exe
- Size: 5.1MB
- Sample: 221117-vlt42sba4s
- MD5: 899364e9f5edeb6ad4fff930eb1457a7
- SHA1: b164f56e2ba1fc72d0813e0b4c9ba91e82ab2027
- SHA256: dfd84071a0a6f1ab986d52f811f3473474e5ad94585046311d1b0ace2322329a
- SHA512: cfa5a2c8454787a20e029ccd13868b2121fead7e88dcdb44d1c0171a651515854009c17f4402d5ffab5aae715db67be134b6b2049ce8a96a1c66c9ffa8f302af
- SSDEEP: 98304:B5Sn52sYtLDfSR654zrPp8/Rq3ZEVkERxCFJiT0Gu4ueeZk:w4sxR65OpsEZEVjvMJiAMutk
Behavioral task
- behavioral1
- Sample: Ip_scanner.exe
- Resource: win7-20220812-en

Malware Config
Extracted
- Family: vidar
- Version: 53.4
- Botnet: 1364
- C2: https://t.me/cheaptrains
- C2: https://mastodon.social/@ffolegg94
- profile_id: 1364
Targets
- Target: Ip_scanner.exe
- Size: 5.1MB
- MD5: 899364e9f5edeb6ad4fff930eb1457a7
- SHA1: b164f56e2ba1fc72d0813e0b4c9ba91e82ab2027
- SHA256: dfd84071a0a6f1ab986d52f811f3473474e5ad94585046311d1b0ace2322329a
- SHA512: cfa5a2c8454787a20e029ccd13868b2121fead7e88dcdb44d1c0171a651515854009c17f4402d5ffab5aae715db67be134b6b2049ce8a96a1c66c9ffa8f302af
- SSDEEP: 98304:B5Sn52sYtLDfSR654zrPp8/Rq3ZEVkERxCFJiT0Gu4ueeZk:w4sxR65OpsEZEVjvMJiAMutk

Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Vidar Stealer
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger