General

- Target: Setup.exe
- Size: 3.8MB
- Sample: 221211-kv1yvagg38
- MD5: 9815939e8451de53eb7acd436da80fa7
- SHA1: a3d0713358bc56c25afd840fe4f6d292a1bb19a3
- SHA256: 7e481ee40af6227bc65f7334cffa28ef661ab49cb800ce383aed1cec82515ae5
- SHA512: 7f633b28a04c90449d068a616ffa1280aa7382be2d3e69545071aef7c2e2a634f8f9b5b76f033da80ee56a0598b285cbe0e8e263ba6b9891177bad6ca81f2661
- SSDEEP: 98304:yV69dw8FHKz5d5OKA3IoMnifAmtwDn8xX4Y2qJgazXCq:yo9dwIqz75OtMnWeDn8+qJXzy
Behavioral task

- Task: behavioral1
- Sample: Setup.exe
- Resource: win7-20220812-en

Malware Config (extracted)

- Family: vidar
- Version: 56.1
- profile_id: 1707
- C2 / dead-drop URLs:
  - https://t.me/dishasta
  - https://steamcommunity.com/profiles/76561199441933804
Targets

- Target: Setup.exe
- Size: 3.8MB
- MD5: 9815939e8451de53eb7acd436da80fa7
- SHA1: a3d0713358bc56c25afd840fe4f6d292a1bb19a3
- SHA256: 7e481ee40af6227bc65f7334cffa28ef661ab49cb800ce383aed1cec82515ae5
- SHA512: 7f633b28a04c90449d068a616ffa1280aa7382be2d3e69545071aef7c2e2a634f8f9b5b76f033da80ee56a0598b285cbe0e8e263ba6b9891177bad6ca81f2661
- SSDEEP: 98304:yV69dw8FHKz5d5OKA3IoMnifAmtwDn8xX4Y2qJgazXCq:yo9dwIqz75OtMnWeDn8+qJXzy
Signatures

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext