General
-
Target
ef3b79e8771cd00c61c30593668be56ed74eade79910ae72a504dd571ba9b8ef
-
Size
2.6MB
-
Sample
240319-xhtefsbh73
-
MD5
d808bae5b85d49654587fa97cadc1e5b
-
SHA1
838e8ee580d085e54dcf5ddbcec79bda83cddd87
-
SHA256
ef3b79e8771cd00c61c30593668be56ed74eade79910ae72a504dd571ba9b8ef
-
SHA512
c77fc79a98fc06c1845fb761d5bc1da4783c7ee9d7ea837eaa42cda3eaf2c0f5a6f26919eaeeef3f993b59d14998a340b2add356c78a22d4921d34d5f5d06ecb
-
SSDEEP
49152:NIDEtii6PzF4SipOgNnEciBWm4tjMw2E5a2QLImDK0lOQfi/xggs:uDbU1ZIBWmEjlVkBMmm0lDnp
Static task
static1
Behavioral task
behavioral1
Sample
ef3b79e8771cd00c61c30593668be56ed74eade79910ae72a504dd571ba9b8ef.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
vidar
52.1
1120
https://t.me/verstappenf1r
https://climatejustice.social/@ronxik312
-
profile_id
1120
Targets
-
-
Target
ef3b79e8771cd00c61c30593668be56ed74eade79910ae72a504dd571ba9b8ef
-
Size
2.6MB
-
MD5
d808bae5b85d49654587fa97cadc1e5b
-
SHA1
838e8ee580d085e54dcf5ddbcec79bda83cddd87
-
SHA256
ef3b79e8771cd00c61c30593668be56ed74eade79910ae72a504dd571ba9b8ef
-
SHA512
c77fc79a98fc06c1845fb761d5bc1da4783c7ee9d7ea837eaa42cda3eaf2c0f5a6f26919eaeeef3f993b59d14998a340b2add356c78a22d4921d34d5f5d06ecb
-
SSDEEP
49152:NIDEtii6PzF4SipOgNnEciBWm4tjMw2E5a2QLImDK0lOQfi/xggs:uDbU1ZIBWmEjlVkBMmm0lDnp
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Vidar Stealer
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-