General
Target: TradingView (Premium pack).exe
Size: 781.3MB
Sample: 240426-y3gf3acc4y
MD5: 4a4c83f97addc8204586bfacbaca6987
SHA1: f1e16bffb10a444e73fa2b067370b296e21012ce
SHA256: f097f5148b93a8700a41eb68e8b55d907e19de539b2b3b95d388241ef5bf87b5
SHA512: d773d6235bc1bf0f6159f5442f42cd2666789c463c68908a86449e25fa099e6888943113c9e1e7b07472a34579ad0b77dab0cbdba91af22742e4b78a26b2ac92
SSDEEP: 98304:P/HQRYdTPnFhcZA9FNeNH35kIoTiIbHE7L7M1TZB0jB7co8NLlWqYFp34r+0V+6s:P/8mTPbcaheNXKS6E7L7+j0d4oylWG+f

Behavioral tasks
behavioral1: TradingView (Premium pack).exe, resource win7-20240215-en
behavioral2: TradingView (Premium pack).exe, resource win10-20240404-en
behavioral3: TradingView (Premium pack).exe, resource win10v2004-20240419-en

Malware Config
Extracted: vidar
https://steamcommunity.com/profiles/76561199677575543
https://t.me/snsb82
Targets
Target: TradingView (Premium pack).exe (size and hashes identical to the General section above)
- Detect Vidar Stealer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger