General
- Target: TORRENTOLD-1.exe
- Size: 384KB
- Sample: 241012-xkezvawckg
- MD5: e5eedc78a0a3ff607806e21ab267c553
- SHA1: 25192b22de6978b9a9ef2099e3d2091d5b3cb1ca
- SHA256: ddf69adbff600c109b11204055b517b5fca9298e2765beac4e5a6fd762be4e9d
- SHA512: 58204f12909ebba7f9d3f2006da6c9562acbdbf9b14046ddc734294760900eee1e562c1b5e204c369851f95f3474a5545e66605e2405eefdf57fa6b254b85cd5
- SSDEEP: 6144:RKynBLh/DXvm55d7/8PbJ0XoJtmZSZBKkhzXgdg:IuDX+vd7EPF0XutVekhz6g
Behavioral task: behavioral1
- Sample: TORRENTOLD-1.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: TORRENTOLD-1.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted: vidar
- 11
- 7e6c13833126d03adc9573b3325d5542
- https://steamcommunity.com/profiles/76561199780418869
- https://t.me/ae5ed
Targets
- Target: TORRENTOLD-1.exe
Signatures:
- Detect Vidar Stealer
- Downloads MZ/PE file
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files: steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
MITRE ATT&CK Enterprise v15
Defense Evasion
- Modify Registry (1)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (4)
  - Credentials In Files (4)