General

  • Target

    904bbfe7aa61eb17a05ddbb479f429f3442331fa4d14aa85fd4a149ef98c1849

  • Size

    1.7MB

  • Sample

    240610-mhax1agd96

  • MD5

    706ce534b200a7c6b00756308170870d

  • SHA1

    ffa8f9e3b51f42018382d4b52c889084f9c1e0ce

  • SHA256

    904bbfe7aa61eb17a05ddbb479f429f3442331fa4d14aa85fd4a149ef98c1849

  • SHA512

    bb31155da9831b2d527ec7cbee328bc915835a22f5e43c1a0a8ab90895809ccf99857295c6eaddcbd6468e2b1c0eaedb9e85a6a691144a155d03a49e0df846a8

  • SSDEEP

    24576:ZoZYQkmdrf+zUfMxVVtes12FxwojKr98YGeGG9iH:ZPYxaUkxVVChjHZQsH

Malware Config

Extracted

  • Family

    stealc

  • rc4.plain

Extracted

  • Family

    vidar

  • C2

    https://t.me/r8z0l

    https://steamcommunity.com/profiles/76561199698764354

Attributes

  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0

Targets

    • Target

      904bbfe7aa61eb17a05ddbb479f429f3442331fa4d14aa85fd4a149ef98c1849

    • Size

      1.7MB

    • MD5

      706ce534b200a7c6b00756308170870d

    • SHA1

      ffa8f9e3b51f42018382d4b52c889084f9c1e0ce

    • SHA256

      904bbfe7aa61eb17a05ddbb479f429f3442331fa4d14aa85fd4a149ef98c1849

    • SHA512

      bb31155da9831b2d527ec7cbee328bc915835a22f5e43c1a0a8ab90895809ccf99857295c6eaddcbd6468e2b1c0eaedb9e85a6a691144a155d03a49e0df846a8

    • SSDEEP

      24576:ZoZYQkmdrf+zUfMxVVtes12FxwojKr98YGeGG9iH:ZPYxaUkxVVChjHZQsH

    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext
