Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    fec56798464e65c834bad15ec9a2ffbd34e69753eb7c6992b08b4e8df31265ea

  • Size

    2.4MB

  • Sample

    240523-z3m5aagh42

  • MD5

    6e3af7040b6bb97e2ab45c5e4598a819

  • SHA1

    5b68709fad39133b529d37002e81233a8aff658d

  • SHA256

    fec56798464e65c834bad15ec9a2ffbd34e69753eb7c6992b08b4e8df31265ea

  • SHA512

    f93f04b334f51c3f9811cb70f4bdc9513d2359e36571349ad0ee248e58be3234050894a88779d52fb215b0fde1afa9210f84f1bde5b94681a3039c83ef4fdbc4

  • SSDEEP

    49152:jxIRJF1HL+VdX68kUKJtTF+TxMoxc1TU+j+dAzGwlrh:jEJF16dX68dKtIuoITsdZ

Malware Config

Extracted

Family

stealc

rc4.plain
1
2910114286690104117195131148

Extracted

Family

vidar

C2

https://steamcommunity.com/profiles/76561199689717899

https://t.me/copterwin

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0

Targets

    • Target

      fec56798464e65c834bad15ec9a2ffbd34e69753eb7c6992b08b4e8df31265ea

    • Size

      2.4MB

    • MD5

      6e3af7040b6bb97e2ab45c5e4598a819

    • SHA1

      5b68709fad39133b529d37002e81233a8aff658d

    • SHA256

      fec56798464e65c834bad15ec9a2ffbd34e69753eb7c6992b08b4e8df31265ea

    • SHA512

      f93f04b334f51c3f9811cb70f4bdc9513d2359e36571349ad0ee248e58be3234050894a88779d52fb215b0fde1afa9210f84f1bde5b94681a3039c83ef4fdbc4

    • SSDEEP

      49152:jxIRJF1HL+VdX68kUKJtTF+TxMoxc1TU+j+dAzGwlrh:jEJF16dX68dKtIuoITsdZ

    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.