Resubmissions

  • 17/05/2024, 13:42: 240517-qzpdhaah86 3
  • 17/05/2024, 13:36: 240517-qwpvvsah46 3
  • 17/05/2024, 13:05: 240517-qby8ssad78 10

General

  • Target: TradingView_Premium_noPass.zip
  • Size: 54.5MB
  • Sample: 240517-qby8ssad78
  • MD5: 61f2cb9ea6924cf52c1c6fba3ff87e78
  • SHA1: e20dfe406c7e6f5884a3a6b66e837e199a34f585
  • SHA256: bb01e384294e4bedc22826dfadb233adc4109afa50926fe5f4e8a47d0a47acce
  • SHA512: 0c26653e1a2e3d21f460bb6b032afa6cf20666a423b2c99ce862d0c4a293668728ec21dd0c862a59bab1234b572aabf216a5f301f4233df1960bace1c5860d4e
  • SSDEEP: 1572864:iEwPU+BlB95wQEQ+VExcUo6vN4DDax0rf:q5TnADqyDU0T

Malware Config

Extracted

  • Family: stealc
  • rc4.plain

Targets

    • Target: TradingView_Premium_(password_github)/TradingView Premium.exe
    • Size: 780.4MB
    • MD5: 03c012cc3f4802d728841a93f3603278
    • SHA1: e72bf615b2a48a8325c0beb49a4a68c639d0f83f
    • SHA256: 33e9d22f4fa05763400a8adb6ce954e21a09209ae366f85f3c4dde035e57f9ee
    • SHA512: 198d0cd063317242c8ce522b1a523823f641f0f9012b7e4e66e909b3fe5a38cdf7b431576c26e64035dae470c2a4bc4f41dd18950a78d6ee749d1559472dc0aa
    • SSDEEP: 98304:pt5Nn3KaFYG6BCuacrYflgURaSgaWmxE9bxNkkbzAQi/ybzCLpRZL:pJ60YG3uaaYtgwaDmx1kbz5zYL

    • Detect Vidar Stealer
    • Stealc
      Stealc is an infostealer written in C++.
    • Vidar
      Vidar is an infostealer based on the Arkei stealer.
    • Downloads MZ/PE file
    • Checks computer location settings
      Looks up the country code configured in the registry, likely for geofencing.
    • Executes dropped EXE
    • Loads dropped DLL
    • Reads data files stored by FTP clients
      Tries to access configuration files associated with programs such as FileZilla.
    • Reads user/profile data of local email clients
      Email clients store some user data on disk, where infostealers often target it.
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials.
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v15

Tasks