Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2c644cced4c0cdfbf5b1ca12834645519feb0f82f4256c514513ede43ff75712
-
Size
2.2MB
-
Sample
240703-3ft6vs1hkk
-
MD5
11f3e4676a5090fed6d34d1853faaa5a
-
SHA1
2ed2179842150ce1f56df26313364ae5def16fa8
-
SHA256
2c644cced4c0cdfbf5b1ca12834645519feb0f82f4256c514513ede43ff75712
-
SHA512
2cec10346194f563df363cdb1f92c3ebccfd9bd12fe19408fc3c39d41ff074c165ced244ac6afa7778dcc476dab7cd140d1a81e07d7fb877b5c6a2b69d24fc17
-
SSDEEP
24576:tS3YnKk3guxNWbmbbKBBdQlNtZYzMPkYHXANYksiZArxliP4OTomFu5Xxth9:c3YKMFT8W5aYRi2lpYu5XxZ
Static task
static1
Behavioral task
behavioral1
Sample
2c644cced4c0cdfbf5b1ca12834645519feb0f82f4256c514513ede43ff75712.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
vidar
https://t.me/bu77un
https://steamcommunity.com/profiles/76561199730044335
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.1) Gecko/20100101 Firefox/128.1
Targets
-
-
Target
2c644cced4c0cdfbf5b1ca12834645519feb0f82f4256c514513ede43ff75712
-
Size
2.2MB
-
MD5
11f3e4676a5090fed6d34d1853faaa5a
-
SHA1
2ed2179842150ce1f56df26313364ae5def16fa8
-
SHA256
2c644cced4c0cdfbf5b1ca12834645519feb0f82f4256c514513ede43ff75712
-
SHA512
2cec10346194f563df363cdb1f92c3ebccfd9bd12fe19408fc3c39d41ff074c165ced244ac6afa7778dcc476dab7cd140d1a81e07d7fb877b5c6a2b69d24fc17
-
SSDEEP
24576:tS3YnKk3guxNWbmbbKBBdQlNtZYzMPkYHXANYksiZArxliP4OTomFu5Xxth9:c3YKMFT8W5aYRi2lpYu5XxZ
-
Detect Vidar Stealer
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-