General
Target
c41b3548c937cb667c40c688a018cbd3978efd5beb0bca348602141dd9f93caf
Size
213KB
Sample
230124-lktx8abh71
MD5
3a9a968a905a3f42ea0a67a7c6b40f00
SHA1
fc14f9907f791ba71ef6fb36a75b7ef528747b55
SHA256
e05cbe2b3a8858263c49fa5e216a9e4350f2f0a838bd58f7042805736ee6e2f7
SHA512
4d5793996f76f09c91fe9161ce23df9da5a39a93c63558ed802b8c976f5f4ae7bf94cd7379554a47a9e71147e16843661162315452237a9a2c921106c5184146
SSDEEP
6144:l0P9ciFE5FSPQsxorNzfeVL2jIyugMNjNdR9sj:0XE5FSPQsaRzMNxdne
Static task
static1
Behavioral task
behavioral1
Sample
c41b3548c937cb667c40c688a018cbd3978efd5beb0bca348602141dd9f93caf.exe
Resource
win7-20220901-en
Malware Config
Extracted
vidar
2.2
237
https://t.me/litlebey
https://steamcommunity.com/profiles/76561199472399815
profile_id
237
Targets
Target
c41b3548c937cb667c40c688a018cbd3978efd5beb0bca348602141dd9f93caf
Size
326KB
MD5
98fc114b73984f38b0dacb75a2203e94
SHA1
fd93356ed9ac61f3751b16b262466b7425046286
SHA256
c41b3548c937cb667c40c688a018cbd3978efd5beb0bca348602141dd9f93caf
SHA512
3a4eebab680e7d397e1ef599f5f3185a8397c52896526570286fc9dd0648e1fd86c3df7e1d1dfeb8d04bed647ac71b52609d137f097f5a8953e0e186da098c21
SSDEEP
6144:+LBAumFVhQmRDgxorNuPEotQK/fu1d0FJDmTb:+eumFLQmRkawPPtQKXu1MJD
Detects Smokeloader packer
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Executes dropped EXE
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops desktop.ini file(s)
Suspicious use of NtSetInformationThreadHideFromDebugger