Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
8f8a2176880d870914390bb2b62a538a0491ae0fc353b3b845acec0dd3751794
-
Size
826KB
-
Sample
240720-fyspes1fmb
-
MD5
5f661bce27073f4b496277cbc2fa246d
-
SHA1
c8bdd873deb476df8a5442db116e77a7711a4f3f
-
SHA256
8f8a2176880d870914390bb2b62a538a0491ae0fc353b3b845acec0dd3751794
-
SHA512
b69f5036cffdadb53a4915409fa75cb27f66482bf055dff6a0bdcfdef7e50e806309b7e3a9e1ef29cf59ad5ec142a534d57e67915b152214316875e837ecb0ce
-
SSDEEP
12288:tC1U5/+u/RXk8dT5SgSOFsz+kdOfFRLo1njpUAmJ7TqQlgPxRLHqZ:tuUhlJ08V5HS36FfFRLodDmxTqX7e
Static task
static1
Behavioral task
behavioral1
Sample
8f8a2176880d870914390bb2b62a538a0491ae0fc353b3b845acec0dd3751794.exe
Resource
win10-20240404-en
Malware Config
Extracted
vidar
10.5
7b04eca2ba9484306915531fb29d1798
https://t.me/obeliszxgeaea_1337
http://104.131.166.122:80
http://159.89.26.154:80
https://t.me/s41l0
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.0 Safari/537.36
Targets
-
-
Target
8f8a2176880d870914390bb2b62a538a0491ae0fc353b3b845acec0dd3751794
-
Size
826KB
-
MD5
5f661bce27073f4b496277cbc2fa246d
-
SHA1
c8bdd873deb476df8a5442db116e77a7711a4f3f
-
SHA256
8f8a2176880d870914390bb2b62a538a0491ae0fc353b3b845acec0dd3751794
-
SHA512
b69f5036cffdadb53a4915409fa75cb27f66482bf055dff6a0bdcfdef7e50e806309b7e3a9e1ef29cf59ad5ec142a534d57e67915b152214316875e837ecb0ce
-
SSDEEP
12288:tC1U5/+u/RXk8dT5SgSOFsz+kdOfFRLo1njpUAmJ7TqQlgPxRLHqZ:tuUhlJ08V5HS36FfFRLodDmxTqX7e
-
Downloads MZ/PE file
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-