General

  • Target

    859fd7f4cb8cf72aea499822455491eb_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240810-lqxw3ayeje

  • MD5

    859fd7f4cb8cf72aea499822455491eb

  • SHA1

    f8c8087d7931b643cd248dad75914586a06b0e15

  • SHA256

    aa6a6c1eb82a2226946431481ad54d4ab65f1bff3059506a370d66ee0378032f

  • SHA512

    0e5ab9ac15f904defa341bf6390eb5f6d6498969162eff36a45bec41f0a6e8292e29da87f44299e11912a398bcedc95bf354832d9678b886c732aa170cf01b7b

  • SSDEEP

    24576:R8vDqXCTbpAzuY81lXqiC6iHvHJAs+9kAHhgkOX3gud4Phgyzma:RJXm8ulzHjs2s+9ukOv3yaa

Malware Config

Targets

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks