General

Target: 924377a0aaee56e994f57c5fee8ff1a36ff4e824255276af4a7f4e3b8bd727dc
Size: 1.6MB
Sample: 240612-beax2sxcke
MD5: 7a72f47332304084eb8dada6d1ea82d0
SHA1: 869c5365b46530bdeeb319a2956b2aff284b99e2
SHA256: 924377a0aaee56e994f57c5fee8ff1a36ff4e824255276af4a7f4e3b8bd727dc
SHA512: edf4a0357886c02218a4d88d53177f99e26fc46a372c3558ae301055b53ee49c006681024c7e5005a3b8154bc20d4cbb734ba446de5bf03a3bf18d06c7037517
SSDEEP: 24576:spM5863IGfTAVpalB1UfMxVVtes12FxwojKr98YGeGG9i:spQLYkTYp6B1UkxVVChjHZQs
Static task: static1
Behavioral task: behavioral1
Sample: 924377a0aaee56e994f57c5fee8ff1a36ff4e824255276af4a7f4e3b8bd727dc.exe
Resource: win10v2004-20240226-en
Malware Config

Extracted: stealc

Extracted: vidar
  https://t.me/r8z0l
  https://steamcommunity.com/profiles/76561199698764354
  user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0

The two URLs are dead-drop resolvers, not the C2 itself: Vidar fetches these public profile pages and parses its current C2 address out of the attacker-controlled profile text, so the live C2 can be rotated without rebuilding the binary. The configured User-Agent claims Firefox 128 on macOS while the sample only runs on Windows; that mismatch, combined with requests to these two profile paths, is a usable network indicator.
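How the dead-drop step works in practice, as an added example that is not part of the tria.ge report and not Vidar's own code: the stealer downloads each resolver page and pulls a URL-shaped string out of a user-editable field. The sample pages, the element names matched (`actual_persona_name` for Steam, `og:description` for Telegram) and the C2 encoding inside the profile text are assumptions for this example; real Vidar builds vary in exactly how the address is wrapped.

```python
import html
import re

# Constructed stand-ins for the two resolver URLs in the config. These are
# NOT real captures; the markup is an assumption modelled on the public pages.
PAGES = {
    "https://steamcommunity.com/profiles/76561199698764354": """<html><body>
<div class="profile_header_centered_persona">
  <span class="actual_persona_name">https://198.51.100.23:9000|</span>
</div></body></html>""",
    "https://t.me/r8z0l": """<html><head>
<meta property="og:description" content="http://203.0.113.7/">
</head><body></body></html>""",
}

# Field the operator edits on each service (assumed element names).
PERSONA_RE = re.compile(r'class="actual_persona_name"[^>]*>(.*?)</span>', re.S)
OG_DESC_RE = re.compile(r'<meta\s+property="og:description"\s+content="([^"]*)"', re.I)

# Anything that looks like http(s)://host[:port][/path]; trailing decoration
# such as the "|" in the Steam name is deliberately not part of the match.
C2_RE = re.compile(r'https?://[A-Za-z0-9.\-]+(?::\d{1,5})?(?:/[A-Za-z0-9./_\-]*)?')


def candidate_text(url, page):
    """Return the operator-controlled text field for a known resolver type."""
    if "steamcommunity.com" in url:
        match = PERSONA_RE.search(page)
    elif "t.me" in url:
        match = OG_DESC_RE.search(page)
    else:
        return None
    return html.unescape(match.group(1)).strip() if match else None


def extract_c2(text):
    """Pull the first URL-shaped token out of the field, or None."""
    match = C2_RE.search(text or "")
    return match.group(0) if match else None


def resolve_dead_drops(pages):
    """Map each resolver URL to the C2 it currently advertises (None if absent)."""
    return {url: extract_c2(candidate_text(url, page)) for url, page in pages.items()}


if __name__ == "__main__":
    for resolver, c2 in resolve_dead_drops(PAGES).items():
        print(f"{resolver} -> {c2}")
```

When you re-run this against the live pages, treat the result as a snapshot: the operator can change the profile text at any time, so the dead-drop URLs are the stable indicator and the resolved C2 is the volatile one.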
Targets

Target: 924377a0aaee56e994f57c5fee8ff1a36ff4e824255276af4a7f4e3b8bd727dc
Size: 1.6MB
Signatures:
- Detect Vidar Stealer
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext: redirecting a suspended thread into injected code, the pattern seen in process hollowing and similar injection.
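The signature list above is what a behavioural sandbox derives from raw registry, file, process and API events. The following is an added example, not tria.ge's signature engine, showing how each of the five behavioural signatures can be expressed as a check over an event stream. The event schema, the wallet directory names and the sample events are constructed assumptions for this example; map your own sensor's fields onto them.

```python
# Constructed sandbox-style event log (not a real capture). Field names are
# an assumption for this example. Order is preserved so that "drop then
# execute" can be checked as a sequence rather than two unrelated events.
EVENTS = [
    {"op": "RegQueryValue", "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"op": "RegEnumKey",    "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"op": "FileWrite",     "path": r"C:\Users\u\AppData\Local\Temp\upd.exe", "magic": "MZ"},
    {"op": "ProcessCreate", "path": r"C:\Users\u\AppData\Local\Temp\upd.exe"},
    {"op": "FileRead",      "path": r"C:\Users\u\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"op": "ApiCall",       "api": "SetThreadContext", "target": r"C:\Windows\System32\svchost.exe"},
]

# Example wallet locations (assumed; extend for the wallets you care about).
WALLET_DIRS = (
    r"\Exodus\exodus.wallet",
    r"\Electrum\wallets",
    r"\Ethereum\keystore",
    r"\Bitcoin\wallets",
)


def _path(event):
    return event.get("path", "").lower()


def sig_checks_location(events):
    """Registry read of the configured country code (geofence hint)."""
    return any(e["op"].startswith("Reg") and _path(e).endswith(r"\geo\nation") for e in events)


def sig_enumerates_software(events):
    """Enumeration of the Uninstall key to list installed software."""
    return any(e["op"] == "RegEnumKey" and _path(e).endswith(r"\currentversion\uninstall")
               for e in events)


def sig_executes_dropped_exe(events):
    """A PE written to disk and later started from the same path."""
    dropped = set()
    for e in events:
        if e["op"] == "FileWrite" and e.get("magic") == "MZ":
            dropped.add(_path(e))
        elif e["op"] == "ProcessCreate" and _path(e) in dropped:
            return True
    return False


def sig_accesses_wallets(events):
    """File reads under known cryptocurrency wallet directories."""
    return any(e["op"] == "FileRead" and any(w.lower() in _path(e) for w in WALLET_DIRS)
               for e in events)


def sig_set_thread_context(events):
    """SetThreadContext on another process, as used by process hollowing."""
    return any(e["op"] == "ApiCall" and e.get("api") == "SetThreadContext" for e in events)


SIGNATURES = {
    "Checks computer location settings": sig_checks_location,
    "Checks installed software on the system": sig_enumerates_software,
    "Executes dropped EXE": sig_executes_dropped_exe,
    "Accesses cryptocurrency files/wallets": sig_accesses_wallets,
    "Suspicious use of SetThreadContext": sig_set_thread_context,
}


def triage(events):
    """Return the sorted names of every signature the event stream matches."""
    return sorted(name for name, check in SIGNATURES.items() if check(events))


if __name__ == "__main__":
    for name in triage(EVENTS):
        print(name)
```

None of these checks is conclusive on its own (installers enumerate the Uninstall key, locale-aware software reads the Geo key); the value is in the combination, which is why the report lists them together under one target rather than as independent verdicts.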