General
-
Target
d1d9dcd9c5798957c8e931559c380e9c
-
Size
1.9MB
-
Sample
240317-zrkvsagd9z
-
MD5
d1d9dcd9c5798957c8e931559c380e9c
-
SHA1
d1a0d99a3628e3a2f68041b944bdfc9d8fc2cca7
-
SHA256
6af280a34b9d478a0f56433f5a00bbb64a98eaea2d63bb257593587c069e9a6c
-
SHA512
abebc00f3a7f317d6970ad76b6a3e03fe68d5fec7c7594b9db91e3ebe7bca464cb53a40b3e74f96592e483c995f2bab06921d081ceb08e26c7e4e6dfebd4ce15
-
SSDEEP
24576:yruWiJGT33cFU1XcRihl5GLwDsCT6xkaafxCB1Nq3+qkdtBfSRQkjRuDz9:mfDMFUZwiLgLWTAne3AtBfSPjRs
Static task
static1
Behavioral task
behavioral1
Sample
d1d9dcd9c5798957c8e931559c380e9c.exe
Resource
win7-20240221-en
Malware Config
Extracted
vidar
16.6
539
http://barkeoikeilo.click/
-
profile_id
539
Targets
-
-
Target
d1d9dcd9c5798957c8e931559c380e9c
-
Size
1.9MB
-
MD5
d1d9dcd9c5798957c8e931559c380e9c
-
SHA1
d1a0d99a3628e3a2f68041b944bdfc9d8fc2cca7
-
SHA256
6af280a34b9d478a0f56433f5a00bbb64a98eaea2d63bb257593587c069e9a6c
-
SHA512
abebc00f3a7f317d6970ad76b6a3e03fe68d5fec7c7594b9db91e3ebe7bca464cb53a40b3e74f96592e483c995f2bab06921d081ceb08e26c7e4e6dfebd4ce15
-
SSDEEP
24576:yruWiJGT33cFU1XcRihl5GLwDsCT6xkaafxCB1Nq3+qkdtBfSRQkjRuDz9:mfDMFUZwiLgLWTAne3AtBfSPjRs
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Vidar Stealer
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-