General

  • Target: tmp
  • Size: 292KB
  • Sample: 221014-xhgewsebdr
  • MD5: 010127f3cf0f5ab066c3264e423a33f3
  • SHA1: e77d2f9799832f6f98269e6d1e8a88ba95a74a7d
  • SHA256: f17d7c6a4166bae48178a63da35f72da8e73f7e696d2e87e1eba3c9e3df33f42
  • SHA512: 3358fa87cd5fff14da9aa503873e4abfef8c03c510782dae852c63246c30c0640bcb24d9d7d50c5bb0d302d17097a4b61fa7cbe1cc3b97343cc1f1c5fca503b0
  • SSDEEP: 6144:8anKdq2HmrYFHkEr2SuNW8E1koxoJStR:8/dx8YFGSuNW8EyVc

Malware Config

Extracted

  • Family: vidar
  • Version: 54.7
  • Botnet: 1663
  • C2:
    https://t.me/trampapanam
    https://nerdculture.de/@yoxhyp
  • Attributes
    • profile_id: 1663

Targets

  • Target: tmp (292KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
  • Vidar: Vidar is an infostealer based on Arkei stealer.
  • Downloads MZ/PE file
  • Executes dropped EXE
  • Loads dropped DLL
  • Accesses 2FA software files, possible credential harvesting
  • Accesses cryptocurrency files/wallets, possible credential harvesting
  • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6