General

  • Target

    650c5cb276ef56d8b2cc4e0b554b3d2e736f7f53c6fbb74f3a350f81ae4a2fed

  • Size

    2.1MB

  • Sample

    240522-fffbdace9z

  • MD5

    13a9d43c03ee9243a34d03bb2aee29f7

  • SHA1

    deec99296da0c5fa52406b53f8fc26c99483b5ed

  • SHA256

    650c5cb276ef56d8b2cc4e0b554b3d2e736f7f53c6fbb74f3a350f81ae4a2fed

  • SHA512

    d916d6ff1c619ae6558861f376fc98d6fa13e0208d2598939970891de02b386cbd7ec6f84e50d90b56ee19d35086219f0288cd41bcdbf905b017104560814334

  • SSDEEP

    49152:N6uDuaS9refCIJtTF+TxMoxc1TU+j+dAzGwlrh:N6uKb9HItIuoITsdZ

Malware Config

Extracted

  • Family

    stealc

  • rc4.plain

Targets

    • Target

      650c5cb276ef56d8b2cc4e0b554b3d2e736f7f53c6fbb74f3a350f81ae4a2fed

    • Size

      2.1MB

    • MD5

      13a9d43c03ee9243a34d03bb2aee29f7

    • SHA1

      deec99296da0c5fa52406b53f8fc26c99483b5ed

    • SHA256

      650c5cb276ef56d8b2cc4e0b554b3d2e736f7f53c6fbb74f3a350f81ae4a2fed

    • SHA512

      d916d6ff1c619ae6558861f376fc98d6fa13e0208d2598939970891de02b386cbd7ec6f84e50d90b56ee19d35086219f0288cd41bcdbf905b017104560814334

    • SSDEEP

      49152:N6uDuaS9refCIJtTF+TxMoxc1TU+j+dAzGwlrh:N6uKb9HItIuoITsdZ

    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks