General
Target: 4340006b139b6726e42842e783567eadcf281987106c24dd274b5719974b35c6
Size: 194KB
Sample: 230124-l14glaae46
MD5: 9c54d3a68e9a793f826b3ad179f37caf
SHA1: 1a48feaeefbd04b0da4cc48c7f469b3003974cda
SHA256: 4340006b139b6726e42842e783567eadcf281987106c24dd274b5719974b35c6
SHA512: c639bdc251cf0a8437f850d17bba56e7feddc0161fa674368a72a78e23196ab6b44df1f7278768f2ce697c298305f8ac9eb48a8af9901655b871c376bdcb2158
SSDEEP: 3072:nBN0XKbDU8LE7+3m85HD6/IEsplgS07CZKwq4+fY+00Wnxa:BiuLE7Im0TEYuS0+G90b
Static task
static1
Malware Config
Extracted
vidar
2.2
237
https://t.me/litlebey
https://steamcommunity.com/profiles/76561199472399815
profile_id: 237
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger