General
- Target: 06fe57cadb837a4e3b47589e95bb01aec1cfb7ce62fdba1f4323bb471591e1d2.7z
- Size: 3.8MB
- Sample: 230107-3n3szaad8z
- MD5: 7e177c2b351d4c93edc49a358c05abd5
- SHA1: ef6a65eb03fa9e99ee8fd477e996396a0faf062f
- SHA256: 9527bc60afe1a1326e47b5655edd28acb66f81ffb8d82db0dc7ea3a670fea0e2
- SHA512: d45b780ea19485374049a0c7e0008b67402b89bd31ae952e461153a03eecbe6eb666c9d6d9b23d53e1464bba2f1e85eb672763f004b048171fd9a102e562c77e
- SSDEEP: 98304:XRtmnmmSGfWNMOgNFkIq9pxq8W2ZTXnGYrXzYfoTK/8TfGB:XRtmmm8NMOgNF9qbYEnGukAJfQ

The hashes in this block are of the submitted .7z archive, not of the malware itself. The archive is named after the SHA256 of the executable inside it, and that executable's own hashes are listed under Targets; match indicators against those, not against the archive hashes.
Behavioral task
- behavioral1
- Sample: 06fe57cadb837a4e3b47589e95bb01aec1cfb7ce62fdba1f4323bb471591e1d2.exe
- Resource: win7-20220812-en

Malware Config
Extracted
- Family: vidar
- Version: 53.4
- Botnet: 1364
- C2: https://t.me/cheaptrains
- C2: https://mastodon.social/@ffolegg94
- Attributes: profile_id 1364

The two URLs are dead-drop resolvers rather than the command-and-control server itself: Vidar fetches the Telegram channel page and the Mastodon profile and parses the real C2 address out of the profile text, so the operator can rotate the C2 without rebuilding the sample. Block and hunt for both the profile URLs and whatever address they resolve to at the time of analysis.
Targets
- Target: 06fe57cadb837a4e3b47589e95bb01aec1cfb7ce62fdba1f4323bb471591e1d2
- Size: 407.8MB
- MD5: 7a4ab857659a40a69c0d29650d991a79
- SHA1: 34313010b49837b93df1164071fd8a0f50c88119
- SHA256: 06fe57cadb837a4e3b47589e95bb01aec1cfb7ce62fdba1f4323bb471591e1d2
- SHA512: 634decd7f17e82c92b54cd6e52753242de16249f4d9358c6c896cea4532c2c5069a85e5e8f9d8877a2b5ab50ea0e2de20f7fe925fc7aefab54f1c5f2dbf08ede
- SSDEEP: 98304:B5Sn52sYtLDfSR654zrPp8/Rq3ZEVkERxCFJiT0Gu4ueeZk:w4sxR65OpsEZEVjvMJiAMutk

A 407.8MB executable that compresses to a 3.8MB archive is almost entirely redundant data, which is consistent with a binary padded with a large filler overlay to push it past the file-size limits of scanners and sandbox uploaders. Padding of that kind changes the exact hashes from build to build, so the SSDEEP value is the more useful pivot when looking for related samples.
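Given the 3.8MB archive against the 407.8MB executable, the first thing to check on the sample is how much of it is filler. The following is an added example written for this page, not code from the report or from Vidar: it walks the PE section table to find where the last section ends, measures the overlay after it, and uses compressibility (zlib) rather than a null-byte count so that repeated-byte padding is caught as well as null padding. The `build_test_pe` and `incompressible` helpers construct synthetic input so it runs offline; the 50MB / 90% / 1% thresholds in `looks_padded` are assumed starting points, not figures from the report.

```python
import random
import struct
import zlib


def pe_overlay(data: bytes, probe_bytes: int = 1 << 20) -> dict:
    """Measure the data appended after the last PE section (the overlay).

    Walks the section table rather than trusting SizeOfImage, because padding
    is appended to the file and is not part of any section."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections, = struct.unpack_from("<H", data, coff + 2)   # COFF NumberOfSections
    opt_size, = struct.unpack_from("<H", data, coff + 16)      # COFF SizeOfOptionalHeader
    table = coff + 20 + opt_size                               # first IMAGE_SECTION_HEADER
    image_end = table + 40 * num_sections                      # at least past the headers
    for i in range(num_sections):
        # SizeOfRawData and PointerToRawData sit at offsets 16 and 20 of each 40-byte entry
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        image_end = max(image_end, raw_ptr + raw_size)
    overlay = data[image_end:]
    probe = overlay[:probe_bytes]
    # Filler (nulls or a repeated byte) deflates to almost nothing; genuine
    # appended payloads (installers, packed resources, signatures) do not.
    ratio = len(zlib.compress(probe)) / len(probe) if probe else 1.0
    return {
        "file_size": len(data),
        "image_end": image_end,
        "overlay_size": len(overlay),
        "overlay_fraction": len(overlay) / len(data) if data else 0.0,
        "overlay_compress_ratio": ratio,
    }


def looks_padded(info: dict, min_overlay: int = 50 << 20,
                 min_fraction: float = 0.9, max_ratio: float = 0.01) -> bool:
    """Heuristic (assumed thresholds): a huge, highly compressible overlay that dominates the file."""
    return (info["overlay_size"] >= min_overlay
            and info["overlay_fraction"] >= min_fraction
            and info["overlay_compress_ratio"] <= max_ratio)


def build_test_pe(section: bytes, overlay: bytes) -> bytes:
    """Construct a minimal PE32 (one .text section) with an appended overlay.
    Constructed test input for this example, not a real binary."""
    e_lfanew, opt_size, raw_ptr = 0x40, 0xE0, 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x102)
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(section), 0x1000,
                       len(section), raw_ptr, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + b"\0" * opt_size + sect).ljust(raw_ptr, b"\0")
    return headers + section + overlay


def incompressible(n: int, seed: int = 1) -> bytes:
    """Deterministic pseudo-random filler standing in for a real (non-padding) overlay."""
    return random.Random(seed).getrandbits(8 * n).to_bytes(n, "little")


if __name__ == "__main__":
    padded = build_test_pe(b"\xCC" * 0x200, b"\0" * (8 << 20))
    info = pe_overlay(padded)
    print(info, "padded:", looks_padded(info, min_overlay=1 << 20))
```

Run it on the extracted executable with `looks_padded(pe_overlay(open(path, "rb").read()))`; for a padded sample the overlay fraction will be close to 1 and the compress ratio near zero. Truncating the file at `image_end` gives a copy small enough for tools with upload limits, but keep the original hashes in your notes, since the padded file is what appears on victim disks.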
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  VirtualBox publishes its ACPI tables under HKLM\HARDWARE\ACPI with the OEM ID VBOX__ (for example HKLM\HARDWARE\ACPI\DSDT\VBOX__); probing for those keys is a common hypervisor check.
- Vidar Stealer
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments. The values under HKLM\HARDWARE\DESCRIPTION\System (SystemBiosVersion, VideoBiosVersion, SystemBiosDate) name the hypervisor on an unhardened VM.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops the thread from delivering debug events, so an attached debugger silently loses control of it. Analysts usually neutralise it with a debugger plugin that hooks NtSetInformationThread and drops that information class.
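The two registry signatures above can be pulled out of a Procmon trace of the same run and, more usefully, tell you whether the sandbox gave itself away. The scanner below is an added example written for this page, not code from the report or from the Vidar authors. It runs over a few constructed Procmon CSV lines (the process name is the sample's; the key paths are the standard VirtualBox ACPI and BIOS locations; the PIDs, timestamps, results and returned data are made up) and reports each watched-key access together with any hypervisor string the registry handed back to the sample.

```python
import csv
import io
import re

# Registry locations behind the two signatures in this report: VirtualBox's
# ACPI tables (OEM ID "VBOX__") and the BIOS strings that sandbox checks read.
WATCHED_KEYS = {
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__": "VirtualBox ACPI table (anti-VM)",
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__": "VirtualBox ACPI table (anti-VM)",
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__": "VirtualBox ACPI table (anti-VM)",
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion": "BIOS information (anti-sandbox)",
    r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion": "BIOS information (anti-sandbox)",
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosDate": "BIOS information (anti-sandbox)",
}

# Hypervisor names that, if present in what the registry returned, mean the
# sandbox is fingerprintable by exactly this kind of check.
VM_MARKERS = re.compile(r"VIRTUALBOX|VBOX|VMWARE|QEMU|BOCHS|XEN", re.IGNORECASE)

REGISTRY_OPS = {"RegOpenKey", "RegQueryKey", "RegQueryValue", "RegEnumKey"}

# Constructed Procmon CSV export (not from the report). Only the process name is
# real; everything else is illustrative.
SAMPLE_PROCMON_CSV = '''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"3:14:07.0010001 PM","06fe57cadb837a4e3b47589e95bb01aec1cfb7ce62fdba1f4323bb471591e1d2.exe","2812","RegOpenKey","HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__","SUCCESS","Desired Access: Read"
"3:14:07.0010233 PM","06fe57cadb837a4e3b47589e95bb01aec1cfb7ce62fdba1f4323bb471591e1d2.exe","2812","RegOpenKey","HKLM\\HARDWARE\\ACPI\\RSDT\\VBOX__","NAME NOT FOUND","Desired Access: Read"
"3:14:07.0010420 PM","06fe57cadb837a4e3b47589e95bb01aec1cfb7ce62fdba1f4323bb471591e1d2.exe","2812","RegQueryValue","HKLM\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion","SUCCESS","Type: REG_MULTI_SZ, Length: 20, Data: VBOX   - 1"
"3:14:07.0010877 PM","06fe57cadb837a4e3b47589e95bb01aec1cfb7ce62fdba1f4323bb471591e1d2.exe","2812","RegQueryValue","HKLM\\HARDWARE\\DESCRIPTION\\System\\VideoBiosVersion","SUCCESS","Type: REG_MULTI_SZ, Length: 66, Data: Oracle VM VirtualBox Version 6.1.40"
"3:14:07.0011203 PM","explorer.exe","1404","RegQueryValue","HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden","SUCCESS","Type: REG_DWORD, Length: 4, Data: 2"
"3:14:07.0011550 PM","06fe57cadb837a4e3b47589e95bb01aec1cfb7ce62fdba1f4323bb471591e1d2.exe","2812","CreateFile","C:\\Windows\\System32\\kernel32.dll","SUCCESS","Desired Access: Read Attributes"
'''


def _canonical(path: str) -> str:
    """Normalise a registry path so hive aliases and case do not matter."""
    path = path.replace("HKEY_LOCAL_MACHINE", "HKLM").replace("HKEY_CURRENT_USER", "HKCU")
    return path.rstrip("\\").upper()


_WATCHED = {_canonical(k): v for k, v in WATCHED_KEYS.items()}


def scan_procmon_csv(text: str) -> list:
    """One hit per registry access of a watched key.

    Each hit records which process read it, why the key matters, and any
    hypervisor marker the registry handed back (the key existing at all, or a
    value naming the hypervisor). A failed lookup leaks nothing."""
    hits = []
    for row in csv.DictReader(io.StringIO(text)):
        if row["Operation"] not in REGISTRY_OPS:
            continue
        reason = _WATCHED.get(_canonical(row["Path"]))
        if reason is None:
            continue
        marker = None
        if row["Result"] == "SUCCESS":
            m = VM_MARKERS.search(row["Path"] + " " + (row.get("Detail") or ""))
            marker = m.group(0) if m else None
        hits.append({
            "process": row["Process Name"],
            "pid": int(row["PID"]),
            "path": row["Path"],
            "result": row["Result"],
            "reason": reason,
            "leaked_marker": marker,
        })
    return hits


def sandbox_leaks(hits: list) -> list:
    """Paths whose existence or data exposed the hypervisor; these are what to fix in the sandbox."""
    return [h["path"] for h in hits if h["leaked_marker"]]


if __name__ == "__main__":
    found = scan_procmon_csv(SAMPLE_PROCMON_CSV)
    for h in found:
        leak = f'  (leaks {h["leaked_marker"]})' if h["leaked_marker"] else ""
        print(f'{h["process"][:12]}..[{h["pid"]}] {h["result"]:<14} {h["path"]}  <- {h["reason"]}{leak}')
    print("sandbox keys to harden:", sandbox_leaks(found))
```

The point of `sandbox_leaks` is operational rather than forensic: every path it returns is one the sample could have used to decide it was being watched, and the fix is on the analysis VM (renaming the ACPI OEM ID, overriding the BIOS strings), not in the detection logic. For production telemetry, watch for the same key set from processes that have no business reading hardware descriptors.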