General
Target: TotalCommander2022Full.rar
Size: 8.1MB
Sample: 230131-tzkbbsha89
MD5: 806606daf90cf26675722769ee7755f6
SHA1: ccdd5861a8f6ad2660913478b100b152d48f57cf
SHA256: 47b2e848bce7e03aa824bf75688c43b452363aa9190231fbc2122504650d7b58
SHA512: a8cc9a37750312e3ede3920dfdc843fdae83658bdb3d5492b66a94111fa9ecd7bef9ab77affc2996844e02272ef7d55b9a223954ea0ca845793163076d673bcb
SSDEEP: 196608:27D3d1YH1zZvnBKXpGIyDqpR4as8bkxsVx024lzR1TrEcWHR:+dQnBKXo5aR4asnxsjs1R1T4cWHR
Static task: static1
Behavioral task: behavioral1
Sample: Setup.exe
Resource: win7-20221111-en
Malware Config
Extracted
vidar
2.2
408
https://t.me/litlebey
https://steamcommunity.com/profiles/76561199472399815
profile_id: 408
Targets
Target: Setup.exe
Size: 761.7MB
MD5: 2786a1cb2ef300ab50b38898aef30bec
SHA1: 8df405d182592678171bc02a8d6221f2b7f4c2e7
SHA256: 2375f62c58ecbbffca5f650e09294148932ac370db8212d7e6caa03a3d0f9b11
SHA512: 9856cbea73d680731da529b530a3c482c9a3141cc68ca46bc58fc8b556c049fd7e2d3464b9e1aba3edf094e01830ab6ae85f1385c51814dc4c87600f3637e58e
SSDEEP: 24576:aIyFqmTcQ8bBWeSrrOjXBtEdqdu75vXp08cT1RE8Ka/GYg6dK5eg6Xr1fEPvk5uM:a7B/+BSKKZ5q1oAV
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext