General
-
Target
file.exe
-
Size
2.1MB
-
Sample
221121-qsdcnafd21
-
MD5
246a5bd21a525fa139ac2c67247d84d2
-
SHA1
6891ff304fcb372ebbbe2f18918d8fc2b8733078
-
SHA256
814e1797632ab2b56c316495975f8984f366a1a4f242d8c7f8eeab0358df63b7
-
SHA512
d4b1472144286d65a0ae5741c5347e4a039a3f59b87504afa98bc9e5ecfe1ceecccf61e8e4fc445ea59c19c06c576838eaa53c99695614276af51a975df69346
-
SSDEEP
49152:XEDKlSU0ZxZdz0p8EiUi7q+/zEGR/A/LoRVT1uhN9:rlnOZR5Zp/oiAD4XuN
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20221111-en
Malware Config
Extracted
vidar
55.7
1679
https://t.me/deadftx
https://www.tiktok.com/@user6068972597711
-
profile_id
1679
Targets
-
-
Target
file.exe
-
Size
2.1MB
-
MD5
246a5bd21a525fa139ac2c67247d84d2
-
SHA1
6891ff304fcb372ebbbe2f18918d8fc2b8733078
-
SHA256
814e1797632ab2b56c316495975f8984f366a1a4f242d8c7f8eeab0358df63b7
-
SHA512
d4b1472144286d65a0ae5741c5347e4a039a3f59b87504afa98bc9e5ecfe1ceecccf61e8e4fc445ea59c19c06c576838eaa53c99695614276af51a975df69346
-
SSDEEP
49152:XEDKlSU0ZxZdz0p8EiUi7q+/zEGR/A/LoRVT1uhN9:rlnOZR5Zp/oiAD4XuN
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-