General
Target: TradingView_Premium_pack.zip
Size: 55.4MB
Sample: 240426-2hezaaed2z
MD5: ae72a0cb410c0ba716bb1235286bd73f
SHA1: 1c455d7983fb7a6cba3473427c9b2102fb84be79
SHA256: 8c9b3548fa5600a27cf9e6d7ffd7c0502c4395cb82b85d87ff7c5bcb3acb459a
SHA512: cc6807ae911cb0b79b1d245a85c57b7e589bf573209c725a599801679bee41a483aafc8023718ba33ea7960a9f6c02265e621a043d9997a5394a89fa29abcba3
SSDEEP: 1572864:pG++vdl/DIOpxoVNeFJQ7r3TbdJFxjQRlX5fJo0uJtYDxV:pGpdtIOnsieFNQRdbo0gODb
Behavioral task: behavioral1
Sample: TradingView_Premium_pack_(password-github)/Rmb.exe
Resource: win10v2004-20240426-en

Behavioral task: behavioral2
Sample: TradingView_Premium_pack_(password-github)/Rmb.exe
Resource: win11-20240426-en

Behavioral task: behavioral3
Sample: TradingView_Premium_pack_(password-github)/TradingView (Premium pack).exe
Resource: win10v2004-20240426-en

Behavioral task: behavioral4
Sample: TradingView_Premium_pack_(password-github)/TradingView (Premium pack).exe
Resource: win11-20240419-en

Behavioral task: behavioral5
Sample: TradingView_Premium_pack_(password-github)/analyzer.exe
Resource: win10v2004-20240419-en

Behavioral task: behavioral6
Sample: TradingView_Premium_pack_(password-github)/analyzer.exe
Resource: win11-20240419-en
Malware Config
Extracted: vidar
https://steamcommunity.com/profiles/76561199677575543
https://t.me/snsb82
Targets

Target: TradingView_Premium_pack_(password-github)/Rmb.dll
Size: 550KB
MD5: 8b23fb9dd8cdf72b7c8a598fe9e1336c
SHA1: 1e006bc7b3874d1cdd409cf40f5766ab2b61c19e
SHA256: 8d11e254e2aca73da95da065cf2e548198a9594f11a72c5b21fad5086491e35b
SHA512: 0e4e380fbb4dffa03b7c65756c634d4726ea104f1693ed2ad405322e0b78f8fc583c83bcb67ca5c63fec695fa4ca22bd5b5edb814e24c918f5ab7766104ea91f
SSDEEP: 12288:1l9womI1TtxwsCc+b78SVdidzMsd1zX3XE/:tmQxwRbjVTq1H2
Score: 1/10
Target: TradingView_Premium_pack_(password-github)/TradingView (Premium pack).exe
Size: 781.3MB
MD5: 4a4c83f97addc8204586bfacbaca6987
SHA1: f1e16bffb10a444e73fa2b067370b296e21012ce
SHA256: f097f5148b93a8700a41eb68e8b55d907e19de539b2b3b95d388241ef5bf87b5
SHA512: d773d6235bc1bf0f6159f5442f42cd2666789c463c68908a86449e25fa099e6888943113c9e1e7b07472a34579ad0b77dab0cbdba91af22742e4b78a26b2ac92
SSDEEP: 98304:P/HQRYdTPnFhcZA9FNeNH35kIoTiIbHE7L7M1TZB0jB7co8NLlWqYFp34r+0V+6s:P/8mTPbcaheNXKS6E7L7+j0d4oylWG+f
- Detect Vidar Stealer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments)
- Suspicious use of NtSetInformationThreadHideFromDebugger
Target: TradingView_Premium_pack_(password-github)/analyzer.dll
Size: 633KB
MD5: d10436f1338e2e29688fbf45abc2060e
SHA1: eae8be254e7616cf7cb4fab7184c2176ae3b26a3
SHA256: 4d2c54fdb342ac5d5742afa2b2552040d29b43071f73b8366682acfbeeed58de
SHA512: 703bde24b0b9305a2582fe052d1c5010387cce49575f917b076f954e4777351aaff20e9a0914e192b8c1e69358b75a99abab640fd957199381d6fe6d5a877170
SSDEEP: 6144:of+cfRfAw8eDJIRrRyZsFaMNbhkN2R21ePCm8x1USZ7baiO9vDUdGCRpP:CtZdDJIRFy6NbJwlm8x+S7O97UQmP
Score: 1/10