Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

Setup.exe

windows7-x64

10

Setup.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Mega_Setup_1234_PasS_O2b.rar

  • Size

    5.8MB

  • Sample

    221124-jza3jsdd31

  • MD5

    6b6b4f79c1fdcdf1846fdaab31142436

  • SHA1

    ed6b42e81307db23e6242c479e8b9f3fa53447b8

  • SHA256

    eb7507564b36ed867c5269b50023f9d92f90f6bfa231d2147d95d396effc8e79

  • SHA512

    c573b174373b9ff67b434848847f3a12a98c12fa8284b0f9bf82fb4bb9fd9abb7a19aa76b4996c0e46b5e0b6310beddd48cd27336fd6d083bdcc3e23ad1b7c30

  • SSDEEP

    98304:igOsqtQ8WB4HadBFaiYq8v/OIfdvZ9cUNStbcO9lrJ/jhOkHMxuNw:ig/qm8WBagBFvh8d1nVStIO3V/1OkHMP

Score
10/10
vidar1364discoveryevasionspywarestealertrojan

Malware Config

Extracted

Family

vidar

Version

55.8

Botnet

1364

C2

https://t.me/headshotsonly

https://steamcommunity.com/profiles/76561199436777531
Attributes
  • profile_id

    1364

Targets

    • Target

      Setup.exe

    • Size

      402.4MB

    • MD5

      6adcaa3e5c4f4e3032213c1fb3df7601

    • SHA1

      c0244876355d6f78243bfff431c0291464294c76

    • SHA256

      9a89f5cde589c87da99ada9d22a0007b4f831ad93165c0f8c3407193690549cb

    • SHA512

      0062d487210d66eb1e3fa2688885749c7fb186fbdf3c287d53290ef07c93fc70da8162ab16c5a6930966ac2d14c3821cefbda2bd898e39dc27ac7907daaf4e03

    • SSDEEP

      98304:acNazSSfyLzA5h3Y8VTnYgjs0QN6Xykq4phnp5S55nP7pvMQE+SmpW:V7zAjY8Vq6igjC5t9jpSmpW

    Score
    10/10
    vidar1364discoveryevasionspywarestealertrojan

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks