General
Target: Setup.zip
Size: 5.6MB
Sample: 230125-fmch3aeh83
MD5: 307832716da4e2f4630508b14803f8cc
SHA1: 377ec621b9d9626a52b361430768fe0b64b91afe
SHA256: 34fbb725cb2dadf927aa711744b2ac462ebfca6545ac07486ff319090727bc9c
SHA512: b9c8893a35d56df8e3574ff95f5156f79f21fb4ab93cada16792638ccee8f319148f393a7ee93c07bb56455c58dc70c9688b5732f9c3072e53a9644596bb8227
SSDEEP: 98304:RHDl7/NIwMjgnV1GQ0jwuB0932vzeNoixCjfDXxsFU01netH0CEMm2YhJj:L/NIwMjgfGRwXlo17WFxetUCCHj
Behavioral task
behavioral1
Sample: Setup.exe
Resource: win7-20220901-en

Malware Config
Extracted
vidar
2.2
754
https://t.me/litlebey
https://steamcommunity.com/profiles/76561199472399815
profile_id: 754
Targets
Target: Setup.exe
Size: 688.6MB
MD5: 08e151d381448ed0d4bc81360ac902d3
SHA1: 6b41c783a0a0fa80db41ba0ea5b04039c5816504
SHA256: 184ce64f7c39d8bede67f57b1a114207d991d09c2db4d0c0dc58a004ee8b2219
SHA512: a9557aa238fd749094f8f945b47bc052838cba4c97004dcd07d4c85c17c5c356777dabc3b49ee9c59676ef9115ccc5cf338cc8460ad6366f0ba4c3c9a625525f
SSDEEP: 98304:OnkCLdNtZv0I83Xs0GVJ4w/iVG+Kqezp5vXMwRzhcHlmB2r7c:Onk4NtZv0TVGVJ4waU+3S5vcCiHl/

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext