General
- Target: 58159b180763f2231074b262ac54f26caf8f308454d104f22cdb5f51e406dfda
- Size: 175KB
- Sample: 230124-thcvxseb21
- MD5: 9b3bf91d2b19a3933e9517e075c2bf14
- SHA1: 3b7c18c79de23754152a99a27c10e2d524fc78ca
- SHA256: 58159b180763f2231074b262ac54f26caf8f308454d104f22cdb5f51e406dfda
- SHA512: 69cbe9ff3c48dc8331e4bc3ad113c465f24146943e3f57b09290fe55f8c2fe03f33de2168af173b5aec38a17dfdf0f50c0cc4469157877a877a23423de73d66b
- SSDEEP: 3072:JBN2fxzsZLRk49UH5AveJXWd8xD310PjUsO7:PLLS49UKelWKxD31fsO
Static task
- static1

Malware Config
Extracted
- vidar
- 2.2
- 237
- https://t.me/litlebey
- https://steamcommunity.com/profiles/76561199472399815
- profile_id: 237
Targets
- Target: 58159b180763f2231074b262ac54f26caf8f308454d104f22cdb5f51e406dfda
- Size: 175KB
- MD5: 9b3bf91d2b19a3933e9517e075c2bf14
- SHA1: 3b7c18c79de23754152a99a27c10e2d524fc78ca
- SHA256: 58159b180763f2231074b262ac54f26caf8f308454d104f22cdb5f51e406dfda
- SHA512: 69cbe9ff3c48dc8331e4bc3ad113c465f24146943e3f57b09290fe55f8c2fe03f33de2168af173b5aec38a17dfdf0f50c0cc4469157877a877a23423de73d66b
- SSDEEP: 3072:JBN2fxzsZLRk49UH5AveJXWd8xD310PjUsO7:PLLS49UKelWKxD31fsO

Signatures
- Detects Smokeloader packer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger