General
Target: zzz.rar
Size: 12.6MB
Sample: 240220-jm38kaeb56
MD5: 9e776ff1bed7de15ecfdb3889116b897
SHA1: 619d41f79b783012d76963e28e421fdcbfb5e46d
SHA256: 469a4e2de0f45d2543d7e535c54c6d6861e26e7ed26e1fda4ce9e00d03fb0077
SHA512: c72ec11cccd3e4c8164243d772d8571e2406fcf8ad5bad2ce21920b8614e260bf8b0f6443bc89ebbe3b6cfa4d925499088f7395131304b6a318831610a0ebf41
SSDEEP: 393216:UkYVO4yTVhMSDs8dJkY5ztedLatkHLQLAdeFWU:XYVO4yJhMShJ55zN/HcU
Static task: static1

Behavioral task: behavioral1
Sample: #DllHijacking #Vidar/Starter.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: #DllHijacking #Vidar/Starter.exe
Resource: win10v2004-20231215-en

Behavioral task: behavioral3
Sample: #Rhadamanthys/GitExecutor.exe
Resource: win7-20231215-en
Malware Config

Extracted: vidar
7.8
b86ed69267e5641d44dafebd064d1e80
https://65.109.242.97
https://t.me/karl3on
https://steamcommunity.com/profiles/76561199637071579
profile_id_v2: b86ed69267e5641d44dafebd064d1e80
user_agent: Mozilla/5.0 (X11; Linux 3.5.4-1-ARCH i686; es) KHTML/4.9.1 (like Gecko) Konqueror/4.9

Extracted: lumma
https://technologyenterdo.shop/api
https://detectordiscusser.shop/api
https://turkeyunlikelyofw.shop/api
https://associationokeo.shop/api
Targets

Target: #DllHijacking #Vidar/Starter.exe
Size: 7.3MB
MD5: 49b6bce6cd0111433969c39a62635f91
SHA1: 0e34b4e770cc7d018b955bc14dabb205321e872c
SHA256: 29345d9c6ff0106c9032b15e2c88f17bc8972ed843d1b5c044cf17d00f1d45c5
SHA512: 4737663a5a6b30779650dcaa461b7751bfb735d2c906d04d877604db5a270f68205e0ff1240f2509f2835d885708b849759b10d22deff3bf0f03579bd1402ff8
SSDEEP: 49152:/Ph7SQtfhuOhfEPOBjP9P6SOgjha5VKnRt3RQ9Wpvgt4sbVpEmVT1oG3vTROBYxI:ntBbz3q9QluER
Score: 10/10
Detect Vidar Stealer
Suspicious use of SetThreadContext

Target: #Rhadamanthys/GitExecutor.exe
Size: 42.6MB
MD5: 5abc2773c933f069781507d92a27d148
SHA1: 3dcba2312e2d596b79f437cf4499695eebdfbccc
SHA256: 604a2ed88564c72b2857e6af167f8a771eef5d982c9258889945a415f7d71c17
SHA512: 6f1e1f00ffd1b50b2c57e7f194a59815919535e26e9bf22c2ee57da15179c86efa46ed5f98ec85a43da3135e9c5b208fc0060f5a091ba49d06e783141f0eb45b
SSDEEP: 98304:UfCv+rScGQYPDofAKB1RYQpHd5nKRQGEaTmR3vNUkqh76n7EnVFG8TzIhX724Lkk:U7EsfAeHY0x7nbT9UsMaN6m
Executes dropped EXE
Suspicious use of SetThreadContext