General
Target: AppSetup.rar
Size: 5.6MB
Sample: 230127-m8yrrabg31
MD5: 3320baa8777b655d4be63fb56a35f875
SHA1: 9f1f90e1ab9feb0396f4e7d921d56a97b527ffb4
SHA256: 2f626154e982310a3efc265a8c279dea6c857dac99a96ae698cd797f9dcac174
SHA512: 69a542eabe263575e56f51902213d024786e62f117943ad724d86c54a54d02d299a4c0f77fced040b435e24fc8f18dd87c3869c7b02bd512acc2db29d7a9e5ee
SSDEEP: 98304:yiJu9vxyWDY0NXBn7bv4ML50l30EZFZNAAKv64rOtMKzsfB1lKIBFty:yl9pyKlNx7bv4ML50xnFZqAKv64r4I1m
Static task: static1
Behavioral task: behavioral1
  Sample: AppSetup.rar
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: AppSetup.rar
  Resource: win10v2004-20221111-en
Behavioral task: behavioral3
  Sample: AppSetup.exe
  Resource: win7-20220812-en
Behavioral task: behavioral4
  Sample: AppSetup.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted
vidar
2.2
754
https://t.me/litlebey
https://steamcommunity.com/profiles/76561199472399815
profile_id: 754
Targets
Target: AppSetup.rar
Size: 5.6MB
MD5: 3320baa8777b655d4be63fb56a35f875
SHA1: 9f1f90e1ab9feb0396f4e7d921d56a97b527ffb4
SHA256: 2f626154e982310a3efc265a8c279dea6c857dac99a96ae698cd797f9dcac174
SHA512: 69a542eabe263575e56f51902213d024786e62f117943ad724d86c54a54d02d299a4c0f77fced040b435e24fc8f18dd87c3869c7b02bd512acc2db29d7a9e5ee
SSDEEP: 98304:yiJu9vxyWDY0NXBn7bv4ML50l30EZFZNAAKv64rOtMKzsfB1lKIBFty:yl9pyKlNx7bv4ML50xnFZqAKv64r4I1m
Score: 3/10
Target: AppSetup.exe
Size: 689.2MB
MD5: 51546cad54042b12982cd15f8685dacd
SHA1: 1d6d6125139e18d76945732d69d833d915da1a8f
SHA256: fecd31d990a942e012bcb6860cc0f76ce46daaaf7d829d0c08f5972878899ffa
SHA512: a0a922f1a62b24cd3c3383c610cbec4eb0ecd3a595f137650466d0f882b89809eb851505221ceff923a7cd6e2500c48d2e7c4bd52441463b9e5ab4a9f290cf94
SSDEEP: 98304:TSWU64N6ik/INEdXihZur3ui/xFKtL7UHfrPlkrAUzXGqb1MTmLgx0ZvSeK+YNmG:T4kQNEdyhq4GHTloxgE1Rs
Signatures:
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext