General

  • Target: Setup.exe
  • Size: 6.4MB
  • Sample: 240602-vcsjvshg69
  • MD5: ba06a9e9c33e09fd2e61b78c7893a5dc
  • SHA1: 70eb45e5a629cca480f4ec28194281aecf22e79a
  • SHA256: bb8ba7ccb5560ffe21a149150b3cc61e68f0fbb6c4a38773c46bc9eeb06811c3
  • SHA512: a385e27ef5f6f3e60ad85ca2af6429461ff665c9fd54fb4d8e4ccb4ec95a3f4da12d859c69e16dabb390b0f5cb6656d865b3c075f51eacd61f342bd19fe3d3d7
  • SSDEEP: 98304:kAiFTWGEHLYyf1gAFWsD/EaDf/BLHUnZgz5iBjoxTUPcIZ4eYLG9tJ5/krkKUtSG:k5W1H0z+nL/pONjoWPBZiC/krfcr3

Score
10/10

Malware Config

Extracted

Family: stealc

rc4.plain

Targets

    • Target: Setup.exe
    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks