General
- Target: MicrosoftOfficeCrack.exe
- Size: 2.3MB
- Sample: 230201-hlx5gscc37
- MD5: aa1fafc03b0578979f5f0660e8266cab
- SHA1: 2219a5f7cbfb0521d429faf77eabdeb58a26d041
- SHA256: 99481f540a11c13b1e960815d8a0e7d26cac8953c98e4f2d3b76e0acb61c6fe0
- SHA512: 06e2ce9a9f33674bb6695e08fd3ed4022b05276f4d500175e846d66f2611d6510484b35bc4982fffac728ee6356c26e8bd952b18659778591554fefcfcdb3d6f
- SSDEEP: 24576:JP2Nr/ox3EmOgBRWoIy1MIWHOq8aDCc5Orzb06Y51fdJFP9XJ2VyGbYJc6IU2rew:JP2NDox3nLMIOOq8aOR
Static task: static1
Behavioral task: behavioral1
- Sample: MicrosoftOfficeCrack.exe
- Resource: win7-20221111-en
Malware Config
Extracted
- vidar
- 2.2
- 408
- https://t.me/litlebey
- https://steamcommunity.com/profiles/76561199472399815
- profile_id: 408
Targets
- Target: MicrosoftOfficeCrack.exe
- Size: 2.3MB
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext