General

  • Target: 5b976920a8ac0a3b84b5ab38b00582b3a363fcfbef190ed972894dd0773ddc08
  • Size: 2.0MB
  • Sample: 240520-pwjheabg9w
  • MD5: 7de9cc7acfb895495a3242c6b10629aa
  • SHA1: ea6f3b1ed1a4f583cb18f0f94b5f86814d3a4d81
  • SHA256: 5b976920a8ac0a3b84b5ab38b00582b3a363fcfbef190ed972894dd0773ddc08
  • SHA512: d5e63fbdd21b81ac8548711d1aeedbf20031736c9fc99939b2e902832bb4ff8539a00f23ee57cfc9bcc0387c5964785dba8fd426164da629b06919ebb0a01c7d
  • SSDEEP: 49152:IFno/jfcJtTF+TxMoxc1TU+j+dAzGkiT:IFno/j0tIuoITsdZT

Malware Config

Extracted

  • Family: stealc
  • rc4.plain

Targets

    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks