General
-
Target
2453f0f1232d73d823f5bd2dadf48fb18cff82604d1613d1707ae6fb451743e4.exe
-
Size
5.4MB
-
Sample
230327-c9ep6abd44
-
MD5
0590b2409eb38418e064b552945b3f91
-
SHA1
ddf8f28eb904f387dd9430082fc8abac98c61efa
-
SHA256
2453f0f1232d73d823f5bd2dadf48fb18cff82604d1613d1707ae6fb451743e4
-
SHA512
d59559505434143924e56f4e3e82a1f42eea0fc7a8ffa226d9fc2e6c292e8f2879260326c8e2ac474eb1cf310c52877ae9ce0124b8245eb998d2dbcf2db698c2
-
SSDEEP
98304:bWFfqP11weDNI1HxzWga8eINvg/Tig3cxq1p0rj/KWCdo0qZIEBdBH1:CBqHweDNI1HxioZarigswpCC+TP
Behavioral task
behavioral1
Sample
2453f0f1232d73d823f5bd2dadf48fb18cff82604d1613d1707ae6fb451743e4.exe
Resource
win7-20230220-en
Malware Config
Extracted
vidar
3.1
20f95c4f85151b21c48a8766fbd2d32d
https://steamcommunity.com/profiles/76561199472266392
https://t.me/tabootalks
http://135.181.26.183:80
-
profile_id_v2
20f95c4f85151b21c48a8766fbd2d32d
-
user_agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 OPR/91.0.4516.79
Targets
-
-
Target
2453f0f1232d73d823f5bd2dadf48fb18cff82604d1613d1707ae6fb451743e4.exe
-
Size
5.4MB
-
MD5
0590b2409eb38418e064b552945b3f91
-
SHA1
ddf8f28eb904f387dd9430082fc8abac98c61efa
-
SHA256
2453f0f1232d73d823f5bd2dadf48fb18cff82604d1613d1707ae6fb451743e4
-
SHA512
d59559505434143924e56f4e3e82a1f42eea0fc7a8ffa226d9fc2e6c292e8f2879260326c8e2ac474eb1cf310c52877ae9ce0124b8245eb998d2dbcf2db698c2
-
SSDEEP
98304:bWFfqP11weDNI1HxzWga8eINvg/Tig3cxq1p0rj/KWCdo0qZIEBdBH1:CBqHweDNI1HxioZarigswpCC+TP
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-