General
Target: file.exe
Size: 2.2MB
Sample: 221117-z7bbaafh24
MD5: ee3ba1a2e0580b39ebac49262cc23de2
SHA1: 3a4f8c2808bd7e1a021a2c782c28fd2e8f51d778
SHA256: e98ce8068cae82b111f1e99142f30b1e57701e80dc5fad998aba21b6b34fd233
SHA512: 4655cef48f7b3d5e08d972e51f46aa8fbe427a48cd1e918b7c7516e5d8d2073adbe715673b8908c1cd397a46d2f8d6b20635753ebf64c30acedd9312b19a9bbf
SSDEEP: 49152:ntaa55b+xYm20g/LnFeWWN2DNS60Z9qjtOfRN63FrDhZtn:taamYmw/LnFeXoSzZ9qjAfRN6FvhZN
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20221111-en
Malware Config (Extracted)
Family: vidar
Version: 55.7
Botnet: 1679
C2: https://t.me/deadftx
C2: https://www.ultimate-guitar.com/u/smbfupkuhrgc1
profile_id: 1679
Targets
Target: file.exe
Size: 2.2MB
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext