General
Target: Loader.rar
Size: 1.0MB
Sample: 230129-gdsz5aae43
MD5: ea62797765bcc7d277a6d02b5113cd7b
SHA1: 5b013377b3b614fd8728a976b9b4589ebd5a965f
SHA256: 7eaec25194b19910f090aa38b9236530c70b61e69991edbb497b32ed73e28ddc
SHA512: 997991598504b719c0c52180485a5e37ea7ded470d475e625acb628d78cd719f241a7396e93c1eed001432d819e4c12c4a2e98a75c81fc1cee77af2ad44a2d06
SSDEEP: 12288:VsnkLvrX1So/aGVN2Q6fyib3xWzg8xqkDPSSNdz5Fx2d6nQHuhh6ZGP1QTOeEVmb:maTmQ6yibhWzgW5PS6XQ8h68PyTukQ2
Static task: static1
Behavioral task: behavioral1 (Sample: Cracker.dll; Resource: win7-20221111-en)
Behavioral task: behavioral2 (Sample: Cracker.dll; Resource: win10v2004-20221111-en)
Behavioral task: behavioral3 (Sample: Data/Packaged/Resource.zip; Resource: win7-20220812-en)
Behavioral task: behavioral4 (Sample: Data/Packaged/Resource.zip; Resource: win10v2004-20220812-en)
Behavioral task: behavioral5 (Sample: Data/Packaged/Utils.xml; Resource: win7-20221111-en)
Behavioral task: behavioral6 (Sample: Data/Packaged/Utils.xml; Resource: win10v2004-20221111-en)
Behavioral task: behavioral7 (Sample: Loader.exe; Resource: win7-20220901-en)
Malware Config
Extracted
vidar
2.2
408
https://t.me/litlebey
https://steamcommunity.com/profiles/76561199472399815
profile_id: 408
Targets

Target: Cracker.dll
Size: 56KB
MD5: f861f7c134819f4aa5f3b0ce2db9bc9f
SHA1: d063a5e353543e9f21a7a16ea1c0789be0a30856
SHA256: 4dc9457b3f2b4eb488aa0b95ff4cd25632c8756beb5992520c970ae7d09fe0b7
SHA512: 90ac4c0fa370e076c19f865c554d8231a4d80c1bd46860a3772fc66b75fb0a2977d489fa7f3b233fb1316ef9b70e99ee7658692f65f070c7cd33d8fa4fed9a96
SSDEEP: 384:poaSsZTSyPG0TLMU9mCzkcu/b49Pji7iJI5TZCP56vS1b+dYUFv8WTa:W1yR8U9mCzkcu/8V2iP56vs+G0a
Score: 1/10

Target: Data/Packaged/Resource.dll
Size: 189B
MD5: 4427aeee68321d0f4d7befa74e669f83
SHA1: 4670003762a1c217c9e8ea48fcc53f2871a7c341
SHA256: a9661f89b8d957f4e71cbe1ba0342a39e5b50a1d80d974e2e1b349a273967f1b
SHA512: 9d9156aa8fdebf19363fed2edb82235642c8c20549369470e44fdc0db41324e2160968fd7dd43eecce1ce3da9c03dd05cdefc8d903a9d0394f5ca9a73f5c5fa3
Score: 1/10

Target: Data/Packaged/Utils.dll
Size: 1KB
MD5: 73e051427246dd4ca45935b1a4bd7e2d
SHA1: 7216f05041252f1c3a9d84aacdf84ef62f1a1045
SHA256: b7b8b412ab1e4f32da8a7cd42aeaa6e7d8d340cf14977d3e87f7d8f5eb689b0f
SHA512: 3fc10dea91962244389214d189c141466f5630e99b01af5761738ce884df14050cd08a43802dc45bbe9117290c34143b85a75694b6301954b51972180dca1e36
Score: 1/10

Target: Loader.exe
Size: 761.7MB
MD5: ccb5114428cf5c1119e1fdacca3cbb24
SHA1: 20d808ed53075c8e3e96c646ee6d48f76f27c4c5
SHA256: 1ec8a7862ede3f356ce39933e45756da4a3dcd42347c4c5b0e06e840063e4ef2
SHA512: 512f9eae2c879a8d996d0f156e26c993f42cc29677600c78ce17de1def25df12c5dfc49e6ccf479841069052738ca764b9e8e3fc72930b26824d878c20e099e6
SSDEEP: 24576:W/2Nr/ox3EcOgDl45miyAZt2xP1vpL0BW9ezlIrqPx1rLvddZsoiS7tnP90NFFuy:W/2NDox3RDmmuUgOhP
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext