General
-
Target
ae5334d3d5b27bfeeff9054c0999a5e5.bin
-
Size
1.1MB
-
Sample
230203-kr8vaagg6z
-
MD5
d7046b7382d93f33035e0fe301ca5ed8
-
SHA1
542c6cad52d91308c63997ba5cd21928606cb7e3
-
SHA256
850295339606f52226ac30486392c4be3c088461f06e6eb53531f3ed435e81e6
-
SHA512
f5c8c5d4b1e40c5fa751edacfc9d15f27877b645ac651ae99e281bbeaab68f4859f59ef20361d30686cbce41a008df4654bd519d0860a51eb7544658b82c8ba8
-
SSDEEP
24576:34KuoLix1fH3kWRNq/poPIUplIXFi3WlZP7ZSikboA855:ohZFqKJ2WiZPtSi/AU5
Malware Config
Extracted
vidar
2.2
408
https://t.me/litlebey
https://steamcommunity.com/profiles/76561199472399815
-
profile_id
408
Targets
-
-
Target
MicrosoftOfficeCrack.exe
-
Size
761.7MB
-
MD5
fd389eb0cff4d93e0e9fce0e2248221f
-
SHA1
8fbd0f00f5f16c1ca43891652ec9f411ddb58a2b
-
SHA256
e032af8c6ab53c34f29d433391f97f1d6c0cb5647e76ac6609b594761729fe37
-
SHA512
40fe03c7e1fc216f84ec378ee59be18ade24a81480dca9b1372010e003882b9acd123c5e5d7f18de78ee3eb592b6ba907495da5d5244cc0c16f15d1351810dbf
-
SSDEEP
24576:JP2Nr/ox3EmOgBRWoIy1MIWHOq8aDCc5Orzb06Y51fdJFP9XJ2VyGbYJc6IU2rew:JP2NDox3nLMIOOq8aOR
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-