General
Target: Setup.exe
Size: 416.7MB
Sample: 221118-y1zjvsah5x
MD5: 89d2e268e42d0d2548864f5a3b57f09b
SHA1: 6890d7125ed806aabf5724b23562e4c2b9987dc3
SHA256: b4dde3bce6a9dbf6e5a5ab13fc6aa7c9a071876c1bb86be73706fa2f0e56c249
SHA512: e4fbddc8004b60aaeabffa25ab2d88f9e5bdad885f8ab91ec3d976db2ffac1d78c02f03178c7a001afbf8f915b2cbc4c259fca9d8bbe825c60051d05c4038b96
SSDEEP: 98304:irm26dRwZfLvafaKh+fGWecU8oVvHySmIFWj16Ol6CWgqLlW9399jGPaasO:irmhRwyfaJfGRvKLZZ0BLlWh/Wa1
Note on size: 416.7MB is far beyond what a stealer payload needs. Oversized "Setup.exe" droppers are commonly padded with filler bytes to exceed the file-size limits of scanners and sandboxes, so check how much of the file is padding before treating it as a large legitimate installer.
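The two checks a practitioner runs on a file like this before anything else are to confirm it really is the sample the report describes (recompute the hashes against the General section) and to measure how much of the 416.7MB is trailing filler. The helper below is an added example for this page, not code from the sandbox or from the Vidar sample; the hash constants are copied from the report, and the bytes used in `demo()` are constructed for illustration and do not match them.

```python
"""Added triage helper: verify a file against the report's hashes and measure
trailing filler. Not part of the sandbox report or of the sample itself."""
import hashlib

# Hashes copied from the report's General section.
REPORTED = {
    "md5": "89d2e268e42d0d2548864f5a3b57f09b",
    "sha1": "6890d7125ed806aabf5724b23562e4c2b9987dc3",
    "sha256": "b4dde3bce6a9dbf6e5a5ab13fc6aa7c9a071876c1bb86be73706fa2f0e56c249",
}


def digests(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of the bytes as lower-case hex, keyed like REPORTED."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes) -> bool:
    """True only if every hash in the report agrees with the recomputed one."""
    got = digests(data)
    return all(got[k] == v for k, v in REPORTED.items())


def trailing_filler_ratio(data: bytes, fill: bytes = b"\x00") -> float:
    """Fraction of the file that is a run of one filler byte at the very end.

    Inflated droppers append megabytes of a single byte value (0x00 is the
    usual choice) after the real PE image so the file exceeds scanner size
    limits. Stripping that run from the end and comparing lengths gives a
    quick estimate of how much of the file is real content.
    """
    if not data:
        return 0.0
    stripped = data.rstrip(fill)
    return (len(data) - len(stripped)) / len(data)


def triage(data: bytes, inflated_threshold: float = 0.5) -> dict:
    """Summary a reviewer wants in one place: size, hashes, match, filler."""
    ratio = trailing_filler_ratio(data)
    return {
        "size": len(data),
        "hashes": digests(data),
        "matches_report": matches_report(data),
        "trailing_filler_ratio": ratio,
        "likely_inflated": ratio >= inflated_threshold,
    }


def demo() -> dict:
    """Constructed stand-in for a padded dropper: a 10-byte stub plus 90 zero
    bytes. It is NOT the reported sample, so matches_report is False."""
    fake = b"MZ" + b"\x90" * 8 + b"\x00" * 90
    return triage(fake)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(triage(fh.read()))
    else:
        print(demo())
```

Run it with the path of the downloaded sample as the only argument; `matches_report` must be True before the rest of the report is taken as describing that file. A high `trailing_filler_ratio` does not change the verdict, but it tells you the real payload is small and that hashes of the padded file will not match a copy padded differently.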
Behavioral task: behavioral1
Sample: Setup.exe
Resource: win7-20221111-en
Malware Config
Extracted family: vidar
Version: 55.7
Botnet: 1707
C2: https://t.me/deadftx
C2: https://www.tiktok.com/@user6068972597711
profile_id: 1707
The two C2 entries are the Telegram and TikTok profiles Vidar uses as dead-drop resolvers: the sample fetches the profile page and reads the real C2 address out of its text at runtime, so the actual C2 is not in the extracted config and can change without the sample changing. The URLs are still worth alerting on, but do not treat them as the C2 host itself.
Targets
Target: Setup.exe (the same file as under General; size and hashes identical)
- Identifies VirtualBox via ACPI registry values (likely anti-VM). ACPI table entries such as HKLM\HARDWARE\ACPI\DSDT\VBOX__ exist only on VirtualBox guests.
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings. Looks up the country code configured in the registry, likely a geofence; Vidar is known to refuse to run on CIS locales, so the region configured in the analysis VM affects whether the payload runs at all.
- Deletes itself
- Loads dropped DLL. Vidar downloads a set of legitimate support libraries (sqlite3.dll and the Mozilla NSS DLLs, for example) to read browser credential stores, so a dropped DLL here is not necessarily malicious on its own.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system. Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger. Calling NtSetInformationThread with ThreadHideFromDebugger (0x11) stops the thread from delivering debug events to an attached debugger, a common anti-debug step.
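The signature names above are the sandbox's summary of individual registry, file and API events. The rule set below is an added example for this page, not the sandbox's own detection code: it maps each printed signature to the concrete event it would be raised on, so the same checks can be run over any trace in the same shape. The event list returned by `sample_events()` is constructed here and is not the sandbox's actual log; the registry paths, wallet paths and the `ThreadHideFromDebugger` constant are the real Windows values, while the process path and the GeoID value read are arbitrary choices.

```python
"""Added example: map the report's behavioural signatures onto trace events.
Not code from the sandbox or from the sample."""
import re

# THREADINFOCLASS value passed to NtSetInformationThread to hide a thread
# from an attached debugger (real Windows constant).
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Constructed image path of the analysed process; any path works.
PROC = r"C:\Users\Admin\AppData\Local\Temp\Setup.exe"


def _rx(pattern):
    """Case-insensitive regex predicate over an event's 'path' field."""
    return lambda e: re.search(pattern, e.get("path", ""), re.I) is not None


# (signature name as printed in the report, event type it fires on, predicate)
RULES = [
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)", "regquery",
     _rx(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__")),
    ("Checks BIOS information in registry", "regquery",
     _rx(r"\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|VideoBiosVersion|BIOS\\)")),
    ("Checks computer location settings", "regquery",
     _rx(r"\\Control Panel\\International\\Geo\\Nation$")),
    ("Checks installed software on the system", "regquery",
     _rx(r"\\CurrentVersion\\Uninstall(\\|$)")),
    ("Accesses cryptocurrency files/wallets, possible credential harvesting", "fileaccess",
     _rx(r"\\(Electrum\\wallets|Exodus\\exodus\.wallet|Ethereum\\keystore)")),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger", "apicall",
     lambda e: e.get("name") == "NtSetInformationThread"
     and e.get("info_class") == THREAD_HIDE_FROM_DEBUGGER),
    ("Loads dropped DLL", "loadlibrary",
     lambda e: bool(e.get("dropped"))),
    ("Deletes itself", "filedelete",
     lambda e: e.get("path", "").lower() == e.get("proc", "").lower()),
]


def match_signatures(events):
    """Return {signature name: [matching events]} for every rule that fires."""
    hits = {}
    for name, etype, pred in RULES:
        for e in events:
            if e.get("type") == etype and pred(e):
                hits.setdefault(name, []).append(e)
    return hits


def sample_events():
    """Constructed trace excerpt exercising every rule plus two benign events."""
    def ev(etype, **fields):
        return dict(type=etype, proc=PROC, **fields)
    return [
        ev("regquery", path=r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"),
        ev("regquery", path=r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"),
        ev("regquery", path=r"HKCU\Control Panel\International\Geo\Nation", value="203"),
        ev("regquery", path=r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
        ev("regquery", path=r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName"),  # benign
        ev("fileaccess", path=r"C:\Users\Admin\AppData\Roaming\Electrum\wallets\default_wallet"),
        ev("apicall", name="NtSetInformationThread", info_class=THREAD_HIDE_FROM_DEBUGGER),
        ev("apicall", name="NtSetInformationThread", info_class=0x02),  # ThreadPriority, benign
        ev("loadlibrary", path=r"C:\ProgramData\sqlite3.dll", dropped=True),
        ev("loadlibrary", path=r"C:\Windows\System32\kernel32.dll", dropped=False),
        ev("filedelete", path=PROC),
    ]


if __name__ == "__main__":
    for name, evidence in match_signatures(sample_events()).items():
        print(f"{name}: {len(evidence)} event(s)")
```

Each hit carries the raw events as evidence, which is what you want when deciding whether, say, a BIOS read is an anti-sandbox check or just an installer collecting system information; the rule names are deliberately identical to the report's signature strings so output can be diffed against it.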