General
Target: file.exe
Size: 207KB
Sample: 240828-zpvl7sxdrr
MD5: 8e41d2107579afb2911dccffeab97f1c
SHA1: e364f0f9b85adcb64747c8eac819a1b59b458727
SHA256: c5c219a6512dc639b5ac5837abe4217e265f7d165159da131eb32048b0c15030
SHA512: 3f6193ece0cfca6cdbe2803ddbb6d38295837f7c01e92594fad0ce7be2f505880daa8e48d77fe00a18d7d18ed9413873e70f7ab0baf1438431f8b8c7e1b9de88
SSDEEP: 3072:+6wNIhnghQ+uCos63ZV1LrV1/FwVJ5mfzPNx4u5lEuvdh4XMBfApkaFGAq6KYzEO:fwNItDCb2ZV1PmVJ5mfzF1Gnp8WEO
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: file.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted: stealc
default
http://46.8.231.109
url_path: /c4754d4f680ead72.php
Extracted: vidar
10.8
d9949d63cb2f6fce6f80667c0c98ea24
https://t.me/jamelwt
https://steamcommunity.com/profiles/76561199761128941
https://t.me/iyigunl
user_agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Extracted: lumma
https://condedqpwqm.shop/api
Targets
Target: file.exe
- Detect Vidar Stealer
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access or copy of web browser credential store.
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Defense Evasion
- Modify Registry (1)
- Subvert Trust Controls (1)
- Install Root Certificate (1)
Credential Access
- Credentials from Password Stores (1)
- Credentials from Web Browsers (1)
- Unsecured Credentials (4)
- Credentials In Files (4)