General
-
Target
file.exe
-
Size
2.0MB
-
Sample
221219-km5xtshf4y
-
MD5
ec0ac23a4d78b472dc4cc6ba718ed1b4
-
SHA1
50d5c0d0775ff7e6c84c35549bd0da5d041c28b8
-
SHA256
7d9e4b4c86f71fc5b5e5ed8bb72b6ef2ed9ab8c0ad2877bf880f8e029485bfe7
-
SHA512
ade59aebd9631b3f8b467523b224ee937003414cbc1f5ecd646daa372e14475a2be7e1b933e31e65eb0583df42eea7b9fe71c6958163b71f6b1cbbde9e9516ab
-
SSDEEP
49152:HPZDYu8tLPaJtbqySZWkIlVUUnY6JAiJCkdEbtFT1uwp:vqazv1lVQunDduFTMwp
Behavioral task
behavioral1
Sample
file.exe
Resource (sandbox VM image)
win7-20220812-en (Windows 7, English-language image)
Malware Config
Extracted
Family
vidar
Version
56.1
C2 bootstrap URLs (dead-drop resolvers: the stealer fetches its real C2 address at runtime from the text of these public profile pages, so the URLs are the durable indicator, not the C2 IP)
https://t.me/dishasta
https://steamcommunity.com/profiles/76561199441933804
-
profile_id
1679
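As an added example that is not part of the sandbox report, the hashes and C2 bootstrap URLs above turned into a hunting check in Python: it recomputes the four digests the report lists for a candidate file, and matches the exact Telegram channel and Steam profile URLs (not the bare domains, which are legitimate sites) against a proxy log. The log lines, IP addresses and log format are constructed for the demo.

```python
from __future__ import annotations

import hashlib
from urllib.parse import urlsplit

# IOCs copied verbatim from the report above.
REPORT_HASHES: dict[str, str] = {
    "md5": "ec0ac23a4d78b472dc4cc6ba718ed1b4",
    "sha1": "50d5c0d0775ff7e6c84c35549bd0da5d041c28b8",
    "sha256": "7d9e4b4c86f71fc5b5e5ed8bb72b6ef2ed9ab8c0ad2877bf880f8e029485bfe7",
    "sha512": "ade59aebd9631b3f8b467523b224ee937003414cbc1f5ecd646daa372e14475a2be7e1b933e31e65eb0583df42eea7b9fe71c6958163b71f6b1cbbde9e9516ab",
}
C2_BOOTSTRAP_URLS = [
    "https://t.me/dishasta",
    "https://steamcommunity.com/profiles/76561199441933804",
]

# Constructed proxy log for the demo (not from the report).
# Format assumed here: "<timestamp> <src_ip> <method> <url> <status>".
SAMPLE_PROXY_LOG = """\
2022-12-19T10:14:02Z 10.0.0.7 GET https://t.me/dishasta 200
2022-12-19T10:14:03Z 10.0.0.7 GET https://steamcommunity.com/profiles/76561199441933804/?xml=1 200
2022-12-19T10:15:11Z 10.0.0.9 GET https://steamcommunity.com/profiles/76561198000000000 200
2022-12-19T10:16:40Z 10.0.0.9 GET https://t.me/ 200
"""


def hash_bytes(data: bytes) -> dict[str, str]:
    """Compute the same four digests the report lists, keyed by algorithm name."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def is_reported_sample(data: bytes) -> bool:
    """True only if every digest matches; any mismatch means a different file or a corrupted copy."""
    return hash_bytes(data) == REPORT_HASHES


def normalize_url(url: str) -> str:
    """Canonical form for matching: lowercase scheme, host and path; drop query and trailing slash."""
    parts = urlsplit(url.strip())
    path = parts.path.rstrip("/").lower()
    return f"{parts.scheme.lower()}://{parts.netloc.lower()}{path}"


# Normalized IOC -> IOC as written in the report.
C2_NORMALIZED = {normalize_url(u): u for u in C2_BOOTSTRAP_URLS}


def match_proxy_log(log_text: str) -> list[dict[str, str]]:
    """Return one hit per log line whose URL is exactly one of the bootstrap URLs.

    Matching the full channel/profile path rather than the domain is deliberate:
    t.me and steamcommunity.com are legitimate, so a domain-only rule would be noise.
    """
    hits: list[dict[str, str]] = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # malformed line: skip it rather than abort the hunt
        ts, src_ip, _method, url, _status = fields
        key = normalize_url(url)
        if key in C2_NORMALIZED:
            hits.append({"ts": ts, "src_ip": src_ip, "url": url, "ioc": C2_NORMALIZED[key]})
    return hits


if __name__ == "__main__":
    for hit in match_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{hit['ts']} {hit['src_ip']} contacted Vidar bootstrap URL {hit['ioc']}")
```

On the constructed log only the two requests from 10.0.0.7 match: the second one still hits despite its trailing slash and query string, while the other Steam profile and the bare t.me root do not.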
Targets
-
Target
file.exe (2.0MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
The ACPI table entries VirtualBox exposes under HKLM\HARDWARE\ACPI (DSDT, FADT and RSDT subkeys named VBOX__) are a standard hypervisor check.
-
Checks BIOS information in registry
BIOS and system identification strings under HKLM\HARDWARE\DESCRIPTION\System (SystemBiosVersion, VideoBiosVersion) and HKLM\HARDWARE\DESCRIPTION\System\BIOS (SystemManufacturer, SystemProductName) carry hypervisor vendor names, so they are read to detect sandboxing environments.
-
Loads dropped DLL
The sample loads a DLL it wrote to disk itself. Vidar fetches the helper libraries it needs for browser credential decryption at runtime rather than bundling them, so this signature alone is not a sign of a secondary payload.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
For this family wallet and credential theft is the primary function, not an incidental access; treat it as confirmed harvesting.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops debug events from being delivered for that thread, a common anti-debug measure.
-
Suspicious use of SetThreadContext
Overwriting another thread's register context is the usual way injected or hollowed code is given control, by pointing the instruction pointer at the new payload.
-