General
Target: 902d5c0b3d4d3e9d749f453c7af4d2818b8d2dea26879d45920ef9b3dd4d413a
Size: 406KB
Sample: 230514-ptwpysbh86
MD5: 5c4dcaec7906eee482fcbee60428b84a
SHA1: 7df46e101bd851540cc21ef33564e8f3b6e41236
SHA256: 902d5c0b3d4d3e9d749f453c7af4d2818b8d2dea26879d45920ef9b3dd4d413a
SHA512: cace9dddb4e902f1384919ea99d375246072eda7f79c6922a868f47b214c147dc866f5c66eda311cca82e9be50c66d8fb9cbbb2eb80a888521f2f91723135677
SSDEEP: 6144:QUUhl5Lt20fe7J8NbO4rxZEwndVNbjMCHKxAqWuX5yKeJcti:QUUJp2MC8NbVH7/pjgx0
Static task: static1
Behavioral task: behavioral1
Sample: 902d5c0b3d4d3e9d749f453c7af4d2818b8d2dea26879d45920ef9b3dd4d413a.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: vidar
Version: 3.8
Botnet: cdb48fb567690db37648afd4e1d83137
C2 (dead-drop resolvers; the live C2 address is published on these pages, not hard-coded in the sample):
- https://steamcommunity.com/profiles/76561198272578552
- https://t.me/libpcre
Attributes
- profile_id_v2: cdb48fb567690db37648afd4e1d83137
- user_agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Vivaldi/3.7
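Vidar keeps the real C2 out of the binary: the two URLs in the extracted config are a throwaway Steam profile and a Telegram channel whose name/description field carries the current C2 address, so the same sample keeps working after the operator rotates infrastructure. The example below is added here and is not code from the report or from the sandbox; it shows how an analyst can read those dead drops offline. The page bodies are constructed stand-ins that only mimic the persona-name and channel-description elements, and the '|' delimiters around the address are an assumption, since the marker string differs between builds and is not recorded on this page.

```python
import re
from html import unescape
from typing import Dict, Optional
from urllib.parse import urlparse

# Constructed stand-ins for the two dead-drop pages named in the extracted config.
# These snippets are made up for the example: they only mimic the elements that
# carry a Steam persona name and a Telegram channel description. Real analysis
# would fetch the live page bodies from the config URLs.
STEAM_PROFILE_HTML = """
<html><body><div class="profile_header">
  <span class="actual_persona_name">|http://203.0.113.7:80|</span>
</div></body></html>
"""

TELEGRAM_CHANNEL_HTML = """
<html><body>
<div class="tgme_page_title"><span dir="auto">libpcre</span></div>
<div class="tgme_page_description">|http://203.0.113.7:80|</div>
</body></html>
"""

# Which element to read on each resolver. The '|' delimiters around the address
# are an ASSUMPTION for this example; the marker varies between builds and is
# not recorded in this report.
MARKER = "|"
RESOLVERS: Dict[str, re.Pattern] = {
    "https://steamcommunity.com/profiles/76561198272578552":
        re.compile(r'class="actual_persona_name">(.*?)</span>', re.S),
    "https://t.me/libpcre":
        re.compile(r'class="tgme_page_description">(.*?)</div>', re.S),
}


def extract_c2(html: str, field_pattern: re.Pattern, marker: str = MARKER) -> Optional[str]:
    """Return the http(s) URL published between two markers in the page's
    name/description field, or None when the drop is empty or has been rotated."""
    m = field_pattern.search(html)
    if not m:
        return None
    field = unescape(m.group(1)).strip()
    parts = field.split(marker)
    if len(parts) != 3 or not parts[1].strip():   # expect '', url, ''
        return None
    candidate = parts[1].strip()
    parsed = urlparse(candidate)
    if parsed.scheme not in ("http", "https") or not parsed.netloc:
        return None
    return candidate


def resolve_c2s(pages: Dict[str, str]) -> Dict[str, Optional[str]]:
    """Run every configured resolver against its (pre-fetched) page body."""
    return {url: extract_c2(pages[url], pat) for url, pat in RESOLVERS.items() if url in pages}


if __name__ == "__main__":
    pages = {
        "https://steamcommunity.com/profiles/76561198272578552": STEAM_PROFILE_HTML,
        "https://t.me/libpcre": TELEGRAM_CHANNEL_HTML,
    }
    for url, c2 in resolve_c2s(pages).items():
        print(f"{url} -> {c2}")
```

Because the C2 rotates while the profile and channel IDs stay fixed, the durable hunting indicators from this report are the two resolver URLs and the profile_id_v2 value, not whatever address the dead drops held on the day of the run.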
Targets
Target: 902d5c0b3d4d3e9d749f453c7af4d2818b8d2dea26879d45920ef9b3dd4d413a (406KB; hashes as listed under General above)
Signatures
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
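The four signatures above are the kind of behaviour a detection engineer turns into rules over process, registry and file telemetry. The example below is added here and is not the sandbox's own signature code; it runs four such rules over a constructed event stream (not from this report) in a flattened Procmon/Sysmon shape. The registry keys it matches for the location check and the wallet paths it watches are assumptions about what a stealer typically reads, because the report names neither; the Uninstall key path is the standard one. The "loads dropped DLL" rule is stateful: it fires only when a process image-loads a file that the same process wrote earlier in the stream.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Constructed event stream for this example (not taken from the report). One event
# per line as "<pid>\t<operation>\t<path>", the shape of a flattened Procmon/Sysmon
# export. The exact registry values Vidar reads for the geofence check and the
# wallet locations it touches are an ASSUMPTION here; the report names none.
EVENTS = """\
4120\tRegQueryValue\tHKCU\\Control Panel\\International\\Geo\\Nation
4120\tRegOpenKey\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
4120\tRegOpenKey\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip
4120\tWriteFile\tC:\\Users\\user\\AppData\\Local\\Temp\\sqlite3.dll
4120\tImageLoad\tC:\\Users\\user\\AppData\\Local\\Temp\\sqlite3.dll
4120\tReadFile\tC:\\Users\\user\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco
4120\tReadFile\tC:\\Users\\user\\AppData\\Roaming\\Electrum\\wallets\\default_wallet
4120\tImageLoad\tC:\\Windows\\System32\\kernel32.dll
"""

# Stateless path rules, one per report signature that can be decided from a single event.
PATH_RULES = {
    "checks_computer_location_settings":
        re.compile(r"\\Control Panel\\International\\(Geo\\Nation|LocaleName)$", re.I),
    "checks_installed_software":
        re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I),
    "accesses_cryptocurrency_wallets":
        re.compile(r"\\(Exodus\\exodus\.wallet|Electrum\\wallets|wallet\.dat)\b", re.I),
}


def detect(events_text: str) -> Dict[str, List[str]]:
    """Return {signature: [matching paths]} for the given event lines.
    'loads_dropped_dll' is stateful: an ImageLoad of a path the same pid wrote earlier."""
    hits: Dict[str, set] = defaultdict(set)
    written_by_pid: Dict[str, set] = defaultdict(set)
    for line in events_text.splitlines():
        if not line.strip():
            continue
        pid, op, path = line.split("\t", 2)
        for name, rx in PATH_RULES.items():
            if rx.search(path):
                hits[name].add(path)
        if op == "WriteFile":
            written_by_pid[pid].add(path.lower())
        elif op == "ImageLoad" and path.lower() in written_by_pid[pid]:
            hits["loads_dropped_dll"].add(path)
    return {name: sorted(paths) for name, paths in hits.items()}


def verdict(hits: Dict[str, List[str]], threshold: int = 3) -> str:
    """Crude triage: how many of the four stealer signatures fired."""
    return "stealer-like" if len(hits) >= threshold else "inconclusive"


if __name__ == "__main__":
    found = detect(EVENTS)
    for name, paths in found.items():
        print(f"{name}: {len(paths)} hit(s)")
    print(verdict(found))
```

The Uninstall-key and locale lookups are common in benign software too, which is why the verdict counts co-occurring signatures rather than alerting on any one of them; the dropped-DLL rule and the wallet-path rule carry most of the weight.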