Extracted

• • Target

    @!#SETUP_FILE_2024_PASSCODE_$.rar

  • Size

    23.5MB

  • MD5

    7611e93930a3ebfc3144343b30cd9dcd

  • SHA1

    2fcfefd406cfbade85a6e58aa06442bd925aeb5d

  • SHA256

    e8b27d9776228fec69909096f712fcbf90cd8a335394e3791ac3be7cb37b3556

  • SHA512

    93240b34e717a3c93d1ca7bdb25c7bbfc3bb5969c09c6dacc1dcb6b1e92577da311e006442ce1a5d28c99625abafa666a76b33b4f80f9195669d2702dc7d3673

  • SSDEEP

    393216:FK6+W0Ec0JqaRS46jX7k2E1AIvcGdqwHjW0V/exgk+oraBa8m2kPU0t8:86n0EcqS5X7OiIUNwD3eh+fBu2uU0t8

  Score

  3^/10
  behavioral1

• • Target

    Setup.exe

  • Size

    8.5MB

  • MD5

    98169506fec94c2b12ba9930ad704515

  • SHA1

    bce662a9fb94551f648ba2d7e29659957fd6a428

  • SHA256

    9b8a5b0a45adf843e24214b46c285e44e73bc6eaf9e2a3b2c14a6d93ae541363

  • SHA512

    7f4f7ac2326a1a8b7afc72822dae328753578eb0a4ffcec5adb4e4fb0c49703070f71e7411df221ee9f44d6b43a0a94921fe530877c5d5e71640b807e96def30

  • SSDEEP

    196608:vdoUox8PFOegKz+qE1cnuyHgv3eZaOxqeXY4K:vC0O9m7EWEvbOxqetK

  Score

  10^/10

  banloadvidar2d607fa287d60e8ad23c103ccc60d6b0downloaderdropperevasionpersistencestealertrojan

  • Banload

    Banload variants download malicious files, then install and execute the files.

    trojandropperdownloaderbanload

  • Detect Vidar Stealer

    stealer

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext

  behavioral2