General
Target: library_1.exe
Size: 2.3MB
Sample: 221121-n6weaahd44
MD5: 03c7b8e50ff9a1ab2d0ae379c0180dec
SHA1: dc4d334d6c6969514c14f4b232e08ba31583ce35
SHA256: b9e2df677315f07b08f43626c99817ab16c1aceb5812b2ea20cdbc96cdbead4a
SHA512: 3285c6f489dbbed48bad534c1e57cdf55557c8421c8cecd2d43471cacaf3c016c4c2a72d7870c984ebec2a4c647d38cca8c385d8058c3409748b3f993fd3e6b7
SSDEEP: 49152:QH039eANocGuhFFg6PDVN4fCNkTXlhVWS8K238nq3uiOVge0y/Ai:2gQSSCFLVN4KNQlhVp8/aq3updFAi
Static task: static1
Behavioral task: behavioral1
Sample: library_1.exe
Resource: win7-20220812-en
Malware Config
Extracted: vidar
- 55.7
- 1707
- https://t.me/deadftx
- https://www.tiktok.com/@user6068972597711
- profile_id: 1707
Targets
Target: library_1.exe
Size: 2.3MB
MD5: 03c7b8e50ff9a1ab2d0ae379c0180dec
SHA1: dc4d334d6c6969514c14f4b232e08ba31583ce35
SHA256: b9e2df677315f07b08f43626c99817ab16c1aceb5812b2ea20cdbc96cdbead4a
SHA512: 3285c6f489dbbed48bad534c1e57cdf55557c8421c8cecd2d43471cacaf3c016c4c2a72d7870c984ebec2a4c647d38cca8c385d8058c3409748b3f993fd3e6b7
SSDEEP: 49152:QH039eANocGuhFFg6PDVN4fCNkTXlhVWS8K238nq3uiOVge0y/Ai:2gQSSCFLVN4KNQlhVp8/aq3updFAi
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger