Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    file.exe

  • Size

    4.9MB

  • Sample

    220912-dhb1macec3

  • MD5

    57f2f75c17ab7bbc606aed7ad9462f2b

  • SHA1

    e284891b905cd5fb4da41c5fd7d1d25c60b0436d

  • SHA256

    048775019adc05c1978f5be85341eb95fb8c9c15611ee13a1fbbffaef3f4f1dc

  • SHA512

    d8de0b33e63f4c09fabe0c7631005ee142426b9f06f3a5830a40682c41365487cecfc5478a3aa1ef67305eda8ed8d0ff691d0665f0f17d9c0430ae42dd6a8859

  • SSDEEP

    98304:8Tmz2NL20p5QWLTc4owiSAyKkcTz4Gj/8uFIh5gR72SPn:JmfPQWLTDrAyKRf4k/8iIhql2G

Malware Config

Extracted

Family

vidar

Version

54.3

Botnet

1656

C2

https://t.me/karacakahve

https://ieji.de/@tiagoa96

Attributes
  • profile_id

    1656

Targets

    • Target

      file.exe

    • Size

      4.9MB

    • MD5

      57f2f75c17ab7bbc606aed7ad9462f2b

    • SHA1

      e284891b905cd5fb4da41c5fd7d1d25c60b0436d

    • SHA256

      048775019adc05c1978f5be85341eb95fb8c9c15611ee13a1fbbffaef3f4f1dc

    • SHA512

      d8de0b33e63f4c09fabe0c7631005ee142426b9f06f3a5830a40682c41365487cecfc5478a3aa1ef67305eda8ed8d0ff691d0665f0f17d9c0430ae42dd6a8859

    • SSDEEP

      98304:8Tmz2NL20p5QWLTc4owiSAyKkcTz4Gj/8uFIh5gR72SPn:JmfPQWLTDrAyKRf4k/8iIhql2G

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks