General
-
Target
use_7788_tо_оpen (2).zip
-
Size
30.1MB
-
Sample
240501-yhq5rshc39
-
MD5
7bd25e5ebfb7e86b77b590f191d86ad5
-
SHA1
cd13c636596beda6d2ab376ceb1267b956f3e388
-
SHA256
123cf972e1300e3ea446d176796913f54f5b8c96232cf06365656f505c065a37
-
SHA512
5b906038d3c31f9c1d11d91573b27b649259ef4eda4723581a400f7bf4a250460df2f8dce0b77620cb45e6bdd1b36c49de181a80b683873e1d1f11dc14a8b870
-
SSDEEP
786432:NJAbDrxgB70I9negmAdaQ45Mphy/PeTgHRwyNNI:NJA2B7f9nBmAdK5McPeTgHRwCI
Malware Config
Extracted
vidar
e2fbe3ae2d0b282d162bb6c860980518
https://hypaton.xyz
https://steamcommunity.com/profiles/76561199677575543
https://t.me/snsb82
-
profile_id_v2
e2fbe3ae2d0b282d162bb6c860980518
-
user_agent
Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) AppleWebKit/534.6 (KHTML, like Gecko) Chrome/8.0.500.0 Safari/534.6
Targets
-
-
Target
use_7788_tо_оpen (2)/Setup.exe
-
Size
8.5MB
-
MD5
98169506fec94c2b12ba9930ad704515
-
SHA1
bce662a9fb94551f648ba2d7e29659957fd6a428
-
SHA256
9b8a5b0a45adf843e24214b46c285e44e73bc6eaf9e2a3b2c14a6d93ae541363
-
SHA512
7f4f7ac2326a1a8b7afc72822dae328753578eb0a4ffcec5adb4e4fb0c49703070f71e7411df221ee9f44d6b43a0a94921fe530877c5d5e71640b807e96def30
-
SSDEEP
196608:vdoUox8PFOegKz+qE1cnuyHgv3eZaOxqeXY4K:vC0O9m7EWEvbOxqetK
Score10/10-
Banload
Banload variants download malicious files, then install and execute the files.
-
Detect Vidar Stealer
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-