General
Target: mm2_script.exe
Size: 779.0MB
Sample: 240525-yzfqcsgg9x
MD5: 046cb8524f5b4dbcc9ab33a4efa3b0a9
SHA1: 1942141f2935fd99a82455170e44bc76f7e30372
SHA256: 8e546b234527478f0cbe882fa647c385b7f2079fbd036ac029d1c9bba088cebe
SHA512: 35369d25359d2e129263cfb053f8bbe5896721452ae3ddba20559305f98f2668d6bb80a77d503aa5ae78e2d4e266a4d9b0dab4fe3ccd92b37eee6e55d9989616
SSDEEP: 196608:JX4EsBB8WwgTgUoRxe+2l4YX5Lc1QJgxoTJGEs:9ylwgxHNlqDE
Behavioral task
behavioral1
Sample: mm2_script.exe
Resource: win7-20240221-en
Malware Config
Extracted: stealc
Targets
Target: mm2_script.exe (size and hashes as listed under General)
- Detect Vidar Stealer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger