General
-
Target
installerx64.zip
-
Size
17.2MB
-
Sample
221127-yfq2zsde53
-
MD5
f07b22cffd00df98a78af88e3680ffb4
-
SHA1
16c04ebd04e1c7ffd76e55af7d031f215e4d4e39
-
SHA256
dfcf45d97a5c1e596fd63b1b617779f6151d595fa4fbb330b5e570b6917a66fa
-
SHA512
5788f34105eb3fe3a3c61a6d6c8f73fa72c472b8f17330e304d966b062be2fa6473a6d3f9b20cab3974a5d3e1d29140a7b547bb11df8a2810b9b4850acd45abc
-
SSDEEP
393216:2eAIK/E59NxUzf+X3shwgS+mONqVFC0ubQuFz9gWv0OhYxDH4Kk:2exKMr22Hs07s0CLFpJox0D
Behavioral task
behavioral1
Sample
installerx64.exe
Resource
win7-20221111-en
Malware Config
Extracted
vidar
55.9
1604
https://t.me/misteryworldismyhome
https://t.me/montgomerywavesgetlucky
https://t.me/prokl3hfy
-
profile_id
1604
Targets
-
-
Target
installerx64.exe
-
Size
706.6MB
-
MD5
41bf2ab4d931307596bca16b3eeaa204
-
SHA1
aeaceceaec0abaa4f020c948f504985e71b6f0bc
-
SHA256
10838acc353d1580f5e17ca6ffd33346f156a7c3f6c8a28151812ec553f0d3d1
-
SHA512
f3ae025a4a186422ee2a982b186e3843963292080d20504604131b9502462c360dd77e67306948665160c08a50d85b94191803649d90d68f419a315b3012f3a7
-
SSDEEP
98304:hrFpFpUSCAajXKzbNOpjafzC7ps1u6OLucZGUTQ8n6vtJjrNK9J:XCSCHCbNOgG7p7LPmP/4
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-