General
Target: CompleteInstaller_Pass1234_Active_B3 (2).rar
Size: 3.9MB
Sample: 221208-qm24tsdb2v
MD5: 2e0cf0709695a3e3df93c8d3d7651674
SHA1: b0bbcc1e1481f643d9a4e3b7f0fce698be5a1c8d
SHA256: 58e301cc6f3e5bd30dc849ae1d6f0cad92a8b4a34fa51af6fed1ada2264a1f6a
SHA512: 4e6e327affba5cc98b7eeae24b774accc7516a1eef2fd1c5686430d3a8467c0ef99fbb63c65b133702c44844e52898c32f95bfc93c6ad32cfbd90dde073d14f8
SSDEEP: 98304:OVS/j7lTaomb4+1zmyTH/6b6EU7tb842V3Ydmu/Vh+dHXW:O8rZT1mHLTSb6EUZn2V3WjSm
Malware Config
Extracted
- vidar
- 56.1
- 1707
- https://t.me/dishasta
- https://steamcommunity.com/profiles/76561199441933804
- profile_id: 1707
Targets
Target: SetupFile.exe
Size: 428.1MB
MD5: 7226d8d16095a3e5adfc54c0f21f47ea
SHA1: 888a9fb43a1b266c14949ff5a08484f90ee55bf6
SHA256: 02c828e99aa676e09b13b1ed83fec552e9a0af8e36d5621c241e6cc94e0e0af9
SHA512: 0c6ae1c71d4969adaa724bc32047325553ad1df1d9f06239b9a18df05cb151a79c1244f312c08abd7f9a9c9cd0479254a86699786f2ef2a256ca15dc5b086466
SSDEEP: 98304:7oFL7+orEBewjmQ1vS9RTHFa0azSYhYlktlvBS0UzZ5qLfIlX3:7oFCiEBhjmjDypmZ6OX3
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext