General

Target: file.exe
Size: 2.3MB
Sample: 221121-wh1cbsfa9z
MD5: e11c78a0b335cc7bc36f45aabcdf8c20
SHA1: 769469cb9929be583b7d2d4c9c04d84e02b3ed8c
SHA256: a1f85be67018434f06e910c13c4833aae7689793a7ce80a70ca5028877e9f40e
SHA512: 8171e94360cd1fa8f94ea1d8a8b0e4b78828f3715e551e2a5c331e6bce8f869e445df773735b7df631bf87d97e8346c7db67334a62b67568b2cd9a044dbda6d8
SSDEEP: 49152:WO/pc2ZUUGOATnlCC/6++wB90FmSVwuQY2KUllXOw2DO:vpTUUkT3/6poSKunullXOu
Behavioral task

behavioral1
Sample: file.exe
Resource: win7-20221111-en
Malware Config

Extracted

Family: vidar
Version: 55.8
Botnet: 1679
C2: https://t.me/headshotsonly
C2: https://steamcommunity.com/profiles/76561199436777531
Attributes:
- profile_id: 1679
Targets

file.exe (2.3MB; hashes as listed under General above)
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext