General
Target: fbed7e92caefbd74437d0970921bfd7cb724c98c90efd9b6d0c2ac377751c9e5
Size: 5.7MB
Sample: 240410-sgms3acc72
MD5: 47cd55b63e8e90d8f49352396f76bed6
SHA1: 26f834b09271d06c5c3c6470d325e0d1f31a6529
SHA256: fbed7e92caefbd74437d0970921bfd7cb724c98c90efd9b6d0c2ac377751c9e5
SHA512: 88fe1cf39b93712c77aaa009c3fe707b7fe1c67969926cea9ab71ec1e97a9342a116ae183e700a538b9c7f7f9fff25a94e9773272ceb7cdcedb7edcaaf5dc440
SSDEEP: 98304:OkXZUa+lc3JyNKe9yun+rhRl944wU8UVIVkbjlGas9aKzgK0IMVLRypt1:Ok/v3J+9+XT4o8UVI+3QasAomBLq
Behavioral task: behavioral1
Sample: Ip_scanner.exe
Resource: win7-20240221-en

Malware Config
Extracted
- vidar
- 53.4
- 1364
- https://t.me/cheaptrains
- https://mastodon.social/@ffolegg94
- profile_id: 1364
Targets
Target: Ip_scanner.exe
Size: 407.8MB
MD5: 7a4ab857659a40a69c0d29650d991a79
SHA1: 34313010b49837b93df1164071fd8a0f50c88119
SHA256: 06fe57cadb837a4e3b47589e95bb01aec1cfb7ce62fdba1f4323bb471591e1d2
SHA512: 634decd7f17e82c92b54cd6e52753242de16249f4d9358c6c896cea4532c2c5069a85e5e8f9d8877a2b5ab50ea0e2de20f7fe925fc7aefab54f1c5f2dbf08ede
SSDEEP: 98304:B5Sn52sYtLDfSR654zrPp8/Rq3ZEVkERxCFJiT0Gu4ueeZk:w4sxR65OpsEZEVjvMJiAMutk

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Vidar Stealer
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger