Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
@!#SETUP_FILE_2024_PASSCODE_$.rar
-
Size
23.5MB
-
Sample
240428-vm7rjacf9y
-
MD5
7611e93930a3ebfc3144343b30cd9dcd
-
SHA1
2fcfefd406cfbade85a6e58aa06442bd925aeb5d
-
SHA256
e8b27d9776228fec69909096f712fcbf90cd8a335394e3791ac3be7cb37b3556
-
SHA512
93240b34e717a3c93d1ca7bdb25c7bbfc3bb5969c09c6dacc1dcb6b1e92577da311e006442ce1a5d28c99625abafa666a76b33b4f80f9195669d2702dc7d3673
-
SSDEEP
393216:FK6+W0Ec0JqaRS46jX7k2E1AIvcGdqwHjW0V/exgk+oraBa8m2kPU0t8:86n0EcqS5X7OiIUNwD3eh+fBu2uU0t8
Static task
static1
Behavioral task
behavioral1
Sample
@!#SETUP_FILE_2024_PASSCODE_$.rar
Resource
win10v2004-20240419-en
Behavioral task
behavioral2
Sample
Setup.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
vidar
2d607fa287d60e8ad23c103ccc60d6b0
https://hypaton.xyz
https://steamcommunity.com/profiles/76561199677575543
https://t.me/snsb82
-
profile_id_v2
2d607fa287d60e8ad23c103ccc60d6b0
-
user_agent
Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) AppleWebKit/534.6 (KHTML, like Gecko) Chrome/8.0.500.0 Safari/534.6
Targets
-
-
Target
@!#SETUP_FILE_2024_PASSCODE_$.rar
-
Size
23.5MB
-
MD5
7611e93930a3ebfc3144343b30cd9dcd
-
SHA1
2fcfefd406cfbade85a6e58aa06442bd925aeb5d
-
SHA256
e8b27d9776228fec69909096f712fcbf90cd8a335394e3791ac3be7cb37b3556
-
SHA512
93240b34e717a3c93d1ca7bdb25c7bbfc3bb5969c09c6dacc1dcb6b1e92577da311e006442ce1a5d28c99625abafa666a76b33b4f80f9195669d2702dc7d3673
-
SSDEEP
393216:FK6+W0Ec0JqaRS46jX7k2E1AIvcGdqwHjW0V/exgk+oraBa8m2kPU0t8:86n0EcqS5X7OiIUNwD3eh+fBu2uU0t8
Score3/10 -
-
-
Target
Setup.exe
-
Size
8.5MB
-
MD5
98169506fec94c2b12ba9930ad704515
-
SHA1
bce662a9fb94551f648ba2d7e29659957fd6a428
-
SHA256
9b8a5b0a45adf843e24214b46c285e44e73bc6eaf9e2a3b2c14a6d93ae541363
-
SHA512
7f4f7ac2326a1a8b7afc72822dae328753578eb0a4ffcec5adb4e4fb0c49703070f71e7411df221ee9f44d6b43a0a94921fe530877c5d5e71640b807e96def30
-
SSDEEP
196608:vdoUox8PFOegKz+qE1cnuyHgv3eZaOxqeXY4K:vC0O9m7EWEvbOxqetK
-
Banload
Banload variants download malicious files, then install and execute the files.
-
Detect Vidar Stealer
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-