General
- Target: file.exe
- Size: 4.5MB
- Sample: 221124-l9n39sfg92
- MD5: c610df9a9e6f7d21499db050d432f9f9
- SHA1: 669b0a9b1cba6ffacf5e975462767138624c88bb
- SHA256: 8864cd7cbc654d6a0abd75fe8152562f1a9837122bf829832fb4093be252b2e2
- SHA512: 3bffbde7a2acbbb3fc6caf2c159b11c0377b78e16f0e68db70e20632527c83c955d745b698ac2d6f888e9e10aed201261a7a17534a490e87a8a7b5426a9144a7
- SSDEEP: 98304:/B9kgT3HqFYzqbO0LO0hEOQbzc5fW1uTSITB4rc2UTBG5sq:5KgTedO09EOoufW414rY9G5L
Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20221111-en
Malware Config
Extracted
- vidar
- 55.9
- 1679
- https://t.me/headshotsonly
- https://steamcommunity.com/profiles/76561199436777531
- profile_id: 1679
Targets
- Target: file.exe
-
Size
4.5MB
-
MD5
c610df9a9e6f7d21499db050d432f9f9
-
SHA1
669b0a9b1cba6ffacf5e975462767138624c88bb
-
SHA256
8864cd7cbc654d6a0abd75fe8152562f1a9837122bf829832fb4093be252b2e2
-
SHA512
3bffbde7a2acbbb3fc6caf2c159b11c0377b78e16f0e68db70e20632527c83c955d745b698ac2d6f888e9e10aed201261a7a17534a490e87a8a7b5426a9144a7
-
SSDEEP
98304:/B9kgT3HqFYzqbO0LO0hEOQbzc5fW1uTSITB4rc2UTBG5sq:5KgTedO09EOoufW414rY9G5L
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger