General

  • Target

    file.exe

  • Size

    4.9MB

  • Sample

    220912-dhb1macec3

  • MD5

    57f2f75c17ab7bbc606aed7ad9462f2b

  • SHA1

    e284891b905cd5fb4da41c5fd7d1d25c60b0436d

  • SHA256

    048775019adc05c1978f5be85341eb95fb8c9c15611ee13a1fbbffaef3f4f1dc

  • SHA512

    d8de0b33e63f4c09fabe0c7631005ee142426b9f06f3a5830a40682c41365487cecfc5478a3aa1ef67305eda8ed8d0ff691d0665f0f17d9c0430ae42dd6a8859

  • SSDEEP

    98304:8Tmz2NL20p5QWLTc4owiSAyKkcTz4Gj/8uFIh5gR72SPn:JmfPQWLTDrAyKRf4k/8iIhql2G

Malware Config

Extracted

Family

vidar

Version

54.3

Botnet

1656

C2

https://t.me/karacakahve

https://ieji.de/@tiagoa96

Attributes

  • profile_id

    1656

Targets

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
