General
Target: Setup.exe
Size: 2.0MB
Sample: 240708-3agzcathlk
MD5: e3d5b216c73c93fa570be1776d81da90
SHA1: dc66ddc93ed23831977a6dcf08a7b27786e0d169
SHA256: b27f2ffda5054c513a5f0dc3bbdc067c78a82f2be201334703f1b45e477cd067
SHA512: 45a1d097a9e3f164c8b503f4aee0d3afcb747a57f0058c6f0f243f01739a7ecb5636095a72b04a38c0dd6cb0c3f8c12ccafdfd0051dc81f99911f657f9236669
SSDEEP: 49152:KDjlabwz9ZDjlabwz9F62WMAQaPXvvvELJ8LPel0Pk:6qwvqwhBAh/vvYJ4PLM
Static task: static1
Behavioral task: behavioral1
Sample: Setup.exe
Resource: win7-20240708-en
Malware Config
Extracted: vidar
- https://t.me/bu77un
- https://steamcommunity.com/profiles/76561199730044335
user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.1) Gecko/20100101 Firefox/128.1
Targets
Target: Setup.exe
- Detect Vidar Stealer
- Downloads MZ/PE file
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger