General

  • Target

    cf28a05a370698e11f6ddd115f2f9fd6997afa52ffb88a2217a3e474ff6a0b9f

  • Size

    297KB

  • Sample

    230110-tqdr7agf33

  • MD5

    39749728056b1b2fc4629ebd91cb2399

  • SHA1

    86192778f32158e2de1a4f2d23c5c43f182948e6

  • SHA256

    cf28a05a370698e11f6ddd115f2f9fd6997afa52ffb88a2217a3e474ff6a0b9f

  • SHA512

    52263b8374b2120f15a4f0bef89e423eddd9598047f4d8841147259ba68d90eb1059516a9274ef4641a8a1e94bb6165c1e4b07617534b96cde0efccbc1f86e80

  • SSDEEP

    6144:ZAp4p89LFwaC7aTkp51fk00ke4E0IhjUkbT:ZhpkNU5kDke4EjP

Malware Config

Extracted

Family

vidar

Version

1.9

Botnet

560

C2

https://t.me/travelticketshop

https://steamcommunity.com/profiles/76561199469016299

Attributes

  • profile_id

    560

Targets

    • Target

      cf28a05a370698e11f6ddd115f2f9fd6997afa52ffb88a2217a3e474ff6a0b9f

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
