Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Setup.exe
-
Size
6.4MB
-
Sample
240602-vcsjvshg69
-
MD5
ba06a9e9c33e09fd2e61b78c7893a5dc
-
SHA1
70eb45e5a629cca480f4ec28194281aecf22e79a
-
SHA256
bb8ba7ccb5560ffe21a149150b3cc61e68f0fbb6c4a38773c46bc9eeb06811c3
-
SHA512
a385e27ef5f6f3e60ad85ca2af6429461ff665c9fd54fb4d8e4ccb4ec95a3f4da12d859c69e16dabb390b0f5cb6656d865b3c075f51eacd61f342bd19fe3d3d7
-
SSDEEP
98304:kAiFTWGEHLYyf1gAFWsD/EaDf/BLHUnZgz5iBjoxTUPcIZ4eYLG9tJ5/krkKUtSG:k5W1H0z+nL/pONjoWPBZiC/krfcr3
Static task
static1
Behavioral task
behavioral1
Sample
Setup.exe
Resource
win7-20240419-en
Malware Config
Extracted
stealc
Targets
-
-
Target
Setup.exe
-
Size
6.4MB
-
MD5
ba06a9e9c33e09fd2e61b78c7893a5dc
-
SHA1
70eb45e5a629cca480f4ec28194281aecf22e79a
-
SHA256
bb8ba7ccb5560ffe21a149150b3cc61e68f0fbb6c4a38773c46bc9eeb06811c3
-
SHA512
a385e27ef5f6f3e60ad85ca2af6429461ff665c9fd54fb4d8e4ccb4ec95a3f4da12d859c69e16dabb390b0f5cb6656d865b3c075f51eacd61f342bd19fe3d3d7
-
SSDEEP
98304:kAiFTWGEHLYyf1gAFWsD/EaDf/BLHUnZgz5iBjoxTUPcIZ4eYLG9tJ5/krkKUtSG:k5W1H0z+nL/pONjoWPBZiC/krfcr3
-
Detect Vidar Stealer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-