General
Target: Active_APpLicatiOn_1234_Vr6ty-Oz.rar
Size: 4.9MB
Sample: 221220-q2hzhahf75
MD5: 963011155b7b84c8850878c68b99445a
SHA1: f5f6cdfd1d12df787cf358e0e5eae8483ab6d06e
SHA256: ed9194aab02f28532a292a55883d17d4c6d9e1398b417c89c49274ef394730c1
SHA512: 1ce641c769569eb96fa5d43fafac80c51b6785f5fc251d46c9dac0838761f0d5a678de554eea6625ea9ba258321161e8a35641ec3ab26c12632de88460aed6ae
SSDEEP: 98304:TtL+tIRaXCg7itumOmIt0e5JxRyiamuvp2QAxXEqu7dUFPKig1nGfDrX7QceNC:gCaXCg7IvG0e5Jj1am2pmDu7dGLg1nSX
Static task: static1
Behavioral task: behavioral1
Sample: Setup.exe
Resource: win7-20220812-en
Malware Config
Extracted: vidar
55.9
1707
https://t.me/headshotsonly
https://steamcommunity.com/profiles/76561199436777531
profile_id: 1707
Targets
Target: Setup.exe
Size: 401.5MB
MD5: 0ddcdd61416097c2bb811c52ec1edbb0
SHA1: a95918e157f327ff92025f460b5abe4a0be7681d
SHA256: aa80f09c015c63a1b140be6cc7f6e102fbac728a94e9d7063caaaede90bbf364
SHA512: 2f066531ee0cfd95859acd05d0997f2cc85c8b337b4c37e6cae34bc47fe612e796de060f70f59c1947e54442e0fe3e7fda6df4989fb98fca7449e8de499f845e
SSDEEP: 98304:ynbaaSVmm30fIhK9C7CmMK5kZmxQSDgK0h:yba5V1lhK943zhxQSDgd
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger