General
Target: file.exe
Size: 336KB
Sample: 221228-wdevtsba76
MD5: 6dc8116e251405d1a7f69f0c732adec6
SHA1: da0a9831cd4674b70441d259984e67333e786a1c
SHA256: ea12ac3067417f9ecc1f666318e1f063e8ddc74ef6fb83162ba68c1d6819df21
SHA512: 8f06175910feb1d9b9a8a091aa554bbef8b7edf203b7eadc841c4b22318eca2b821421b3110b658bf5438dee83e6d829e463b3381327ec66c8a4b31e23e368f3
SSDEEP: 6144:HLjUsW95K5nGbMjsqs/pCk9ybVqzE3JgxRmi3tm:HcsW956nQMjsykUbgzEZuki3tm
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20220812-en
Malware Config
Extracted
vidar
1.7
24
https://t.me/robloxblackl
https://steamcommunity.com/profiles/76561199458928097
profile_id: 24
Targets
Target: file.exe
Downloads MZ/PE file
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext