General

Target: Setup
Size: 3.7MB
Sample: 221129-js7g6sae39
MD5: cef9b19cc0af54b1a6bca074f6ef8d40
SHA1: 754b3379448bf488737af2cfdbbc11e6dd279ffc
SHA256: a4b535f4e01c71e4774f00ff97315d2c629674165f22183566250beebcec45a4
SHA512: 468e8bb6347e74f16f7ef1b9821fecfcc6fd58d98380d724fe2e583b596ed48e28ca60e321b7f49efbaa9605bfe4f0df89189c4ee2279ff4f46c8c44239939a1
SSDEEP: 98304:ynbaaSVmm30fIhK9C7CmMK5kZmxQSDgK0h:yba5V1lhK943zhxQSDgd

Static task: static1
Behavioral task: behavioral1
Sample: Setup.exe
Resource: win7-20221111-en

Malware Config

Extracted
Family: vidar
Version: 55.9
Botnet: 1707
C2:
  https://t.me/headshotsonly
  https://steamcommunity.com/profiles/76561199436777531
Attributes:
  profile_id: 1707

Targets

Target: Setup
Size: 3.7MB
MD5: cef9b19cc0af54b1a6bca074f6ef8d40
SHA1: 754b3379448bf488737af2cfdbbc11e6dd279ffc
SHA256: a4b535f4e01c71e4774f00ff97315d2c629674165f22183566250beebcec45a4
SHA512: 468e8bb6347e74f16f7ef1b9821fecfcc6fd58d98380d724fe2e583b596ed48e28ca60e321b7f49efbaa9605bfe4f0df89189c4ee2279ff4f46c8c44239939a1
SSDEEP: 98304:ynbaaSVmm30fIhK9C7CmMK5kZmxQSDgK0h:yba5V1lhK943zhxQSDgd

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.

Deletes itself

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of NtSetInformationThreadHideFromDebugger