General

  • Target

    e95217e0e62d82df096a4fb8ac08b6d4d9643fe85b740b468435531d8b18d6c2

  • Size

    284KB

  • Sample

    240430-mzpsgsad73

  • MD5

    2aac7041efa0f0f858c973b7b544d158

  • SHA1

    15ebf734381de456f817056488a2efa76eb57fcb

  • SHA256

    e95217e0e62d82df096a4fb8ac08b6d4d9643fe85b740b468435531d8b18d6c2

  • SHA512

    be4e18690ef64785cf66f0acae44fadd7c2ebb39ec35b7ecc1513f4fceb1950b6c2475e55cdffe844e3baad8c7fb3e06433b9c52e417ad9a4535a20ae5c2de0c

  • SSDEEP

    3072:ZBHWeP4pSyh47tN+jUQp54Y1IbIjE9+t/YLWWy6hyr87+6vD4zi0bKhGTGfsZ2wb:zA5q7tNY4Y1IbIjQ+twKWWr+Mi0cIu

Malware Config

Extracted

  • Family

    stealc

  • rc4.plain

Extracted

  • Family

    vidar

  • Version

    9.3

  • Botnet

    45a2c60205d395ecda49074119ba58ac

  • C2

    https://steamcommunity.com/profiles/76561199680449169

    https://t.me/r1g1o

  • Attributes

    • profile_id_v2

      45a2c60205d395ecda49074119ba58ac

    • user_agent

      Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0

Targets

    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Suspicious use of SetThreadContext
