General

  • Target

    45e60d534bea9a3857d5f64f010f789986ffb6a7c4d75fe5ebb103a0227f24bf.bin

  • Size

    429KB

  • Sample

    230430-3tb77sah24

  • MD5

    de22088d32dab5b8478e4712c4382797

  • SHA1

    575d7e63a4c0f0354b9f9b439c4d14b757dd1009

  • SHA256

    45e60d534bea9a3857d5f64f010f789986ffb6a7c4d75fe5ebb103a0227f24bf

  • SHA512

    449feac9afa449d3db2df24eac0d99eef4a0625ad2b8230c4effa3d90d74ab5cffa846366b23ffe82f65a4621dc184e3973d7a8b540bb95ef0bb20a86053f949

  • SSDEEP

    12288:TVIhKLd+7W2QIlSLby0YL2rMsY9OBGCI:RIhKLsq2XSPy/6gFy

Malware Config

Extracted

Family

vidar

Version

3.6

Botnet

78489afd9d9a4747beb445e5fb5b9c96

C2

https://steamcommunity.com/profiles/76561199499188534

https://t.me/nutalse

Attributes
  • profile_id_v2

    78489afd9d9a4747beb445e5fb5b9c96

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
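The two C2 entries above are a public Steam profile and a Telegram channel, which Vidar uses as dead-drop resolvers: the sample fetches those pages and reads the operator's current C2 address out of the displayed profile or channel name. The Python block below is an added example, not code from tria.ge or from Vidar, showing how an analyst resolves such a dead drop from saved page bodies. The element class names (`actual_persona_name` on Steam, `tgme_page_title` on t.me) are the real ones those pages use; the page fragments, the trailing `|` delimiter and the 203.0.113.10 address are constructed for the example.

```python
"""Resolve a Vidar-style dead-drop C2 from saved Steam / Telegram page bodies.

Added example; not code from tria.ge or from Vidar. The page fragments below
are constructed to mimic the relevant parts of a Steam profile page and a
t.me channel preview. 203.0.113.10 is a documentation-range placeholder.
"""
import re
from html import unescape
from typing import Dict, Optional

# Constructed page fragments. The class names actual_persona_name (Steam) and
# tgme_page_title (Telegram) are the ones those pages use; the address in
# them and the trailing '|' delimiter are assumptions for this example.
STEAM_PAGE = """
<div class="profile_header_centered_persona">
  <div class="persona_name" style="font-size: 24px;">
    <span class="actual_persona_name">http://203.0.113.10:80|</span>
  </div>
</div>
"""
TELEGRAM_PAGE = """
<div class="tgme_page_title" dir="auto">
  <span dir="auto">https://203.0.113.10/</span>
</div>
<div class="tgme_page_description" dir="auto">channel description</div>
"""

# Which element of each dead-drop site carries the operator-controlled text.
DEAD_DROP_SELECTORS = {
    "steamcommunity.com": "actual_persona_name",
    "t.me": "tgme_page_title",
}

# Accept an http(s) URL or a bare IPv4 host with optional port; stop at
# whitespace, quotes, '<' or the assumed '|' delimiter.
C2_PATTERN = re.compile(
    r"(https?://[^\s|<\"']+|\d{1,3}(?:\.\d{1,3}){3}(?::\d{1,5})?)"
)


def extract_dead_drop(html: str, css_class: str) -> Optional[str]:
    """Return the C2 written into the element with the given class, or None."""
    elem = re.search(rf'class="{re.escape(css_class)}"[^>]*>(.*?)</', html, re.S)
    if not elem:
        return None
    # Strip any nested tags, decode entities, then look for the address.
    text = unescape(re.sub(r"<[^>]+>", "", elem.group(1))).strip()
    hit = C2_PATTERN.search(text)
    return hit.group(1).rstrip("/|") if hit else None


def resolve_c2(pages: Dict[str, str]) -> Dict[str, Optional[str]]:
    """Map each dead-drop URL from the config to the C2 it currently carries.

    pages: dead-drop URL -> page body fetched from it (here the constructed
    fragments above). A URL on an unknown host resolves to None.
    """
    resolved: Dict[str, Optional[str]] = {}
    for url, body in pages.items():
        css_class = next(
            (cls for host, cls in DEAD_DROP_SELECTORS.items() if host in url), None
        )
        resolved[url] = extract_dead_drop(body, css_class) if css_class else None
    return resolved


if __name__ == "__main__":
    config_c2 = {
        "https://steamcommunity.com/profiles/76561199499188534": STEAM_PAGE,
        "https://t.me/nutalse": TELEGRAM_PAGE,
    }
    for dead_drop, c2 in resolve_c2(config_c2).items():
        print(f"{dead_drop} -> {c2}")
```

For detection, the dead-drop URLs themselves are poor indicators (blocking steamcommunity.com or t.me is rarely an option, and the operator can change the real C2 at will without rebuilding the sample); the resolved address, re-checked periodically, is the indicator worth tracking.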

Extracted

Family

laplas

C2

http://89.23.97.128

Attributes
  • api_key

    bc2dceabe69fa26dbf4dd8295d65e03e1990633a88c1c8410825c9266b239396

Targets

    • Target

      45e60d534bea9a3857d5f64f010f789986ffb6a7c4d75fe5ebb103a0227f24bf.bin

    • Laplas Clipper

      Laplas is a clipboard hijacker (clipper) rather than a file-stealing infostealer: it watches the clipboard for cryptocurrency wallet addresses and swaps in attacker-controlled look-alike addresses obtained from its C2 (the api_key above authenticates the sample to that panel). Three variants are known, written in Golang, C#, and C++.

    • Vidar

      Vidar is an infostealer based on Arkei stealer. The two C2 entries in the extracted config are dead-drop resolvers, not the stealer's back end: the sample fetches the public Steam profile and Telegram channel pages and reads the operator's current C2 address from the displayed profile/channel name, so the real C2 can be rotated without rebuilding the sample.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
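The registry-based signatures above (VirtualBox ACPI tables, BIOS strings, location/geofence, installed software, UAC state, Run key) all reduce to a handful of well-known key paths. The Python block below is an added example, not tria.ge's signature engine: it classifies a constructed registry-access trace, in the shape an API monitor gives (operation, key path, value name), against those paths. One caveat a defender needs: Sysmon records only registry writes (Event IDs 12-14), so the read-based checks are visible in a sandbox/API trace or an ETW registry provider, not in a default Sysmon log.

```python
"""Classify registry accesses against the report's registry-based signatures.

Added example; not tria.ge's signature engine. TRACE is a constructed list of
(operation, key path, value name) tuples in the shape an API-monitor trace
gives. Sysmon only logs registry writes (Event IDs 12-14), so the read-based
checks are visible in a sandbox/API trace or an ETW registry provider, not in
a default Sysmon log.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

Access = Tuple[str, str, str]  # (operation, key path, value name)

# (signature label, operation, key-path regex, value-name regex or None).
# Regexes are matched case-insensitively; registry key names are not case-sensitive.
RULES: List[Tuple[str, str, str, Optional[str]]] = [
    ("Identifies VirtualBox via ACPI registry values", "read",
     r"HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", None),
    ("Checks BIOS information in registry", "read",
     r"HKLM\\HARDWARE\\DESCRIPTION\\System(\\BIOS)?$",
     r"SystemBiosVersion|SystemManufacturer|SystemProductName|VideoBiosVersion"),
    ("Checks computer location settings", "read",
     r"HKCU\\Control Panel\\International\\Geo$", r"Nation|Name"),
    ("Checks installed software on the system", "read",
     r"HK(LM|CU)\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\", None),
    ("Checks whether UAC is enabled", "read",
     r"HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System$", r"EnableLUA"),
    ("Adds Run key to start application", "write",
     r"HK(LM|CU)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", None),
]

# Constructed trace: one or two accesses per signature plus one benign line.
TRACE: List[Access] = [
    ("read",  r"HKLM\HARDWARE\ACPI\DSDT\VBOX__", ""),
    ("read",  r"HKLM\HARDWARE\DESCRIPTION\System\BIOS", "SystemManufacturer"),
    ("read",  r"HKLM\HARDWARE\DESCRIPTION\System\BIOS", "SystemProductName"),
    ("read",  r"HKCU\Control Panel\International\Geo", "Nation"),
    ("read",  r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome", "DisplayName"),
    ("read",  r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", "EnableLUA"),
    ("write", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "updater"),
    ("read",  r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer", "ShellState"),  # benign noise
]


def match_signatures(trace: List[Access]) -> Dict[str, List[Access]]:
    """Return {signature label: [matching accesses]} for every rule that fired."""
    hits: Dict[str, List[Access]] = defaultdict(list)
    for op, path, value in trace:
        for label, want_op, path_re, value_re in RULES:
            if op != want_op or not re.search(path_re, path, re.I):
                continue
            if value_re and not re.fullmatch(value_re, value, re.I):
                continue
            hits[label].append((op, path, value))
    return dict(hits)


if __name__ == "__main__":
    for label, accesses in match_signatures(TRACE).items():
        print(f"{label}: {len(accesses)} access(es)")
```

Individually, several of these reads are benign (installers enumerate the Uninstall key, telemetry reads BIOS strings); the sandbox verdict comes from the combination with the VBOX__ ACPI lookup, the geofence check and the HideFromDebugger call in the same process.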