General

  • Target

    47257567cb272a046cdca7596367b2f2.exe

  • Size

    374KB

  • Sample

    221004-h13zaahbcj

  • MD5

    47257567cb272a046cdca7596367b2f2

  • SHA1

    5258ff1376974f62ee35f34425df29a4aae80d98

  • SHA256

    dade5b7aa50e2e1df254ae9c8b70f59cfa6c47889bc1cb3ff722620b367fde60

  • SHA512

    61a98897a22ea5b3ba4dc251476044d7055a87d640361ff67f639e3089a088cd8c57e9d9d4cd7a3fdefd93002687b9dbe4fdca41370f0ff1415f49b18a02f441

  • SSDEEP

    6144:4XJ936eafA9hW5zW2qJMHUYM+fS1v6kkuzbgwuix26wVf:4XJd6K9hWtr0YZ5unnc

Malware Config

Extracted

  • Family

    vidar

  • Version

    54.9

  • Botnet

    517

  • C2

    https://t.me/larsenup

    https://ioc.exchange/@zebra54

  • Attributes

      • profile_id

        517

Targets

    • Target

      47257567cb272a046cdca7596367b2f2.exe


    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive account information.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks