Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    e48219567f84882f41bb1e957bbd1358e453274ca0d2025505c66779f642bc30

  • Size

    216KB

  • Sample

    240919-2pwwdavgpq

  • MD5

    272b330726dec4add609e0d8025d71b7

  • SHA1

    75543ac27b430ef6fec461056ceb6a55a35c7369

  • SHA256

    e48219567f84882f41bb1e957bbd1358e453274ca0d2025505c66779f642bc30

  • SHA512

    6e2731c61ce8ce018deb9e20f772bbe8b6b57df77ac5054fd67b18199ae2de1399add3b29b7a18bdc994f5ab1f8678f3454e593685e1626d4ef525df59532558

  • SSDEEP

    6144:u5Rh+OL63O9k17T5lvuVU0VKsLalk5GwjM8Dxy7QYEO:uLJAEQr6KsLEkkWzyTEO

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://46.8.231.109

Attributes
  • url_path

    /c4754d4f680ead72.php

Extracted

Family

vidar

C2

https://t.me/edm0d

https://steamcommunity.com/profiles/76561199768374681

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0

Targets

    • Target

      e48219567f84882f41bb1e957bbd1358e453274ca0d2025505c66779f642bc30

    • Size

      216KB

    • MD5

      272b330726dec4add609e0d8025d71b7

    • SHA1

      75543ac27b430ef6fec461056ceb6a55a35c7369

    • SHA256

      e48219567f84882f41bb1e957bbd1358e453274ca0d2025505c66779f642bc30

    • SHA512

      6e2731c61ce8ce018deb9e20f772bbe8b6b57df77ac5054fd67b18199ae2de1399add3b29b7a18bdc994f5ab1f8678f3454e593685e1626d4ef525df59532558

    • SSDEEP

      6144:u5Rh+OL63O9k17T5lvuVU0VKsLalk5GwjM8Dxy7QYEO:uLJAEQr6KsLEkkWzyTEO

    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.