Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    37c0f05ee6421cb398999a569599c1b25880c8c58fb89c1256f9a93091337d59

  • Size

    2.1MB

  • Sample

    240522-keg6sshe64

  • MD5

    7c6870f427c6c04597e8ab697826f01e

  • SHA1

    77ac2d4e0ba3ef02967ea36c8d688535b101bccd

  • SHA256

    37c0f05ee6421cb398999a569599c1b25880c8c58fb89c1256f9a93091337d59

  • SHA512

    10ee334480fb6084c46026e0c18bca9acb06b3c91015f235357c51aa37eb6371a480adeb2ae765d058708e2470a6e4523d557c4c6899db9b4db8602c2c9b112b

  • SSDEEP

    49152:N6uDuaS9refGcJtTF+TxMoxc1TU+j+dAzGwlrh:N6uKb9DctIuoITsdZ

Malware Config

Extracted

Family

stealc

rc4.plain

Targets

    • Target

      37c0f05ee6421cb398999a569599c1b25880c8c58fb89c1256f9a93091337d59

    • Size

      2.1MB

    • MD5

      7c6870f427c6c04597e8ab697826f01e

    • SHA1

      77ac2d4e0ba3ef02967ea36c8d688535b101bccd

    • SHA256

      37c0f05ee6421cb398999a569599c1b25880c8c58fb89c1256f9a93091337d59

    • SHA512

      10ee334480fb6084c46026e0c18bca9acb06b3c91015f235357c51aa37eb6371a480adeb2ae765d058708e2470a6e4523d557c4c6899db9b4db8602c2c9b112b

    • SSDEEP

      49152:N6uDuaS9refGcJtTF+TxMoxc1TU+j+dAzGwlrh:N6uKb9DctIuoITsdZ

    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks