General

  • Target: fe8dd23da7d898858d6a280cd58d4ca332f958a4f9562bf8f364dc4340f9c34c
  • Size: 299KB
  • Sample: 230130-xas4qabf29
  • MD5: cacd37281c5470cfc13e6db90942d371
  • SHA1: af9e1477a51858376bd113f8247b4f6ff1b94445
  • SHA256: fe8dd23da7d898858d6a280cd58d4ca332f958a4f9562bf8f364dc4340f9c34c
  • SHA512: cfe21519f4c55583c3c68592812dbfa1170279de5e20b3da6d49f66957e373288650bd8c1a6afcd6d70255356674579b40c1b75a7c154fcc705cc89056ff8d67
  • SSDEEP: 6144:okJLJcABUxIoJs9UdWBqm67GeYql4BNMeGNPpJ81rIg5O:oWOABUxIoJs6wzHeYql4wecPI1sF

Malware Config

Extracted

  • Family: vidar
  • Version: 2.3
  • Botnet: 19
  • C2:
    https://t.me/mantarlars
    https://steamcommunity.com/profiles/76561199474840123
  • Attributes
    • profile_id: 19

Targets

    • Target: fe8dd23da7d898858d6a280cd58d4ca332f958a4f9562bf8f364dc4340f9c34c

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext