General
Target: bc730e4b10c80b919ceea5a4cef79d92fe621c14ffee641510a0aab20458821d
Size: 6.0MB
Sample: 221119-v1qp6sce53
MD5: dbf0f52fa1baaf101c2da4253df4e8c5
SHA1: c315f4c795686a14c6d1e21f0df350dd6f10e202
SHA256: bc730e4b10c80b919ceea5a4cef79d92fe621c14ffee641510a0aab20458821d
SHA512: 77f1bd7fd5c405203c8b071900c09f157931ebd443846219423f61c5a5fc86f9b2adb2411d20b117e1d1489800f2c4b12a1af68b59028d07ea76dd7c926884c2
SSDEEP: 98304:4opECERpbnC5t8iVOTRn5SHEU4KTTXQ2fE/MhsyKp7e9tfKIR5D+:4o9EbbnOtOTReagTXQ2fwyw7e9tfK65y
Behavioral task
behavioral1
Sample: bc730e4b10c80b919ceea5a4cef79d92fe621c14ffee641510a0aab20458821d.exe
Resource: win7-20221111-en

Malware Config
Extracted
Family: vidar
Version: 55.7
Botnet: 1364
C2:
https://t.me/deadftx
https://www.tiktok.com/@user6068972597711
profile_id: 1364
The two C2 entries are dead-drop resolvers rather than the command server itself: Vidar fetches the Telegram channel or TikTok profile page and parses the real C2 address out of the profile text, so the server can be rotated without rebuilding the sample. Block or alert on the profile URLs, and pull the live C2 from the page at analysis time rather than from the static config.
Targets
Target: bc730e4b10c80b919ceea5a4cef79d92fe621c14ffee641510a0aab20458821d
Size: 6.0MB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General.

Identifies VirtualBox via ACPI registry values (likely anti-VM)
Reads the ACPI table keys under HKLM\HARDWARE\ACPI; a VirtualBox guest exposes tables whose OEM ID is VBOX__, which is a cheap way to spot the hypervisor without calling any VM-specific API.

Checks BIOS information in registry
BIOS vendor and product strings are often read in order to detect sandboxing environments, since virtualised firmware usually names the hypervisor in these values.

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence. Stealers of this family commonly exit when the locale is a CIS country.

Deletes itself
Removes its own executable after running, which hampers recovery of the sample from an infected host.

Loads dropped DLL
Loads a DLL written to disk during execution. Vidar is known to download the legitimate Mozilla and MSVC runtime DLLs it needs to parse browser credential databases rather than bundling them.

Accesses cryptocurrency files/wallets, possible credential harvesting
Reads the data files of desktop cryptocurrency wallets for exfiltration.

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of NtSetInformationThreadHideFromDebugger
Calls NtSetInformationThread with the ThreadHideFromDebugger information class (0x11), which stops the thread from delivering debug events to an attached debugger; a standard anti-debug trick.
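Detection logic for the registry and anti-debug signatures above, as an added example that is not the sandbox's own rule code: it classifies lines from a constructed API-call trace (a hypothetical pid|api|argument format, built inline below) against the well-known registry locations for each artefact. The report lists behaviours, not paths, so the paths keyed on here are an assumption; the verdict per process is then derived from the combination of signatures that process triggered.

```python
import re
from collections import defaultdict

# Registry locations each signature is assumed to key on (the report lists
# behaviours, not paths; these are the well-known locations for each artefact).
VBOX_ACPI = re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)
BIOS_INFO = re.compile(
    r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\(BIOS(\\|$)|SystemBiosVersion$|VideoBiosVersion$)",
    re.I)
GEO_NATION = re.compile(r"^HKCU\\Control Panel\\International\\Geo\\Nation$", re.I)
UNINSTALL = re.compile(
    r"^HKLM\\SOFTWARE\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)",
    re.I)


def _reg(pattern):
    # Predicate: a registry API whose key/value path matches the pattern.
    return lambda api, arg: api.startswith("Reg") and bool(pattern.search(arg))


# (signature name, predicate over (api, argument)); names mirror the report.
SIGNATURES = [
    ("Identifies VirtualBox via ACPI registry values", _reg(VBOX_ACPI)),
    ("Checks BIOS information in registry", _reg(BIOS_INFO)),
    ("Checks computer location settings", _reg(GEO_NATION)),
    ("Checks installed software on the system", _reg(UNINSTALL)),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger",
     lambda api, arg: api == "NtSetInformationThread" and arg == "ThreadHideFromDebugger"),
]
ANTI_ANALYSIS = {SIGNATURES[0][0], SIGNATURES[1][0], SIGNATURES[4][0]}

# Constructed trace in a hypothetical "pid|api|argument" format; pid 2140 mimics
# the sample's probing, pid 3308 is a second process with partial behaviour.
SAMPLE_TRACE = [
    r"2140|RegOpenKeyExW|HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"2140|RegOpenKeyExW|HKLM\HARDWARE\ACPI\FADT\VBOX__",
    r"2140|RegQueryValueExW|HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer",
    r"2140|RegQueryValueExW|HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName",
    r"2140|RegQueryValueExW|HKCU\Control Panel\International\Geo\Nation",
    r"2140|RegEnumKeyExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"2140|RegEnumKeyExW|HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
    r"2140|RegQueryValueExW|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData",
    r"3308|RegQueryValueExW|HKCU\Control Panel\International\Geo\Nation",
    r"3308|NtSetInformationThread|ThreadHideFromDebugger",
]


def parse_line(line):
    """Split one trace line into (pid, api, argument)."""
    pid, api, arg = line.split("|", 2)
    return int(pid), api, arg


def classify(api, arg):
    """Return the first signature name matching this call, or None."""
    for name, matches in SIGNATURES:
        if matches(api, arg):
            return name
    return None


def scan(lines):
    """Map signature name -> list of (pid, api, argument) that triggered it."""
    hits = defaultdict(list)
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        pid, api, arg = parse_line(line)
        name = classify(api, arg)
        if name:
            hits[name].append((pid, api, arg))
    return dict(hits)


def per_process(lines):
    """Map pid -> sorted list of signature names that process triggered."""
    seen = defaultdict(set)
    for name, events in scan(lines).items():
        for pid, _api, _arg in events:
            seen[pid].add(name)
    return {pid: sorted(names) for pid, names in seen.items()}


def verdict(names):
    """Summarise a process's signatures into the categories an analyst triages on."""
    names = set(names)
    return {
        "anti_analysis": bool(names & ANTI_ANALYSIS),
        "geofence": "Checks computer location settings" in names,
        "software_enum": "Checks installed software on the system" in names,
    }


if __name__ == "__main__":
    for pid, names in sorted(per_process(SAMPLE_TRACE).items()):
        print(pid, verdict(names), names)
```

Sysmon records registry writes (Event IDs 12, 13 and 14) but not reads, so a trace like this only exists where API calls are hooked, in a sandbox or an EDR; the signatures above cannot be reproduced from Sysmon alone. Each read is also noisy on its own (installers enumerate the Uninstall key, many applications read Geo\Nation), which is why the verdict is computed per process over the combination rather than per event: the ACPI VBOX__ probes together with BIOS reads and a locale check in one unsigned binary are what make this sample stand out.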