Resubmissions

  • 12/02/2023, 22:05 – 230212-1z1fwagh65 (score 10)
  • 12/02/2023, 20:32 – 230212-zbbl6sfg7w (score 7)

General

  • Target: DiscordSetup.rar
  • Size: 682.6MB
  • Sample: 230212-1z1fwagh65
  • MD5: 22328d5e3431101538f08af9672a1406
  • SHA1: fe9bf7e09397949bf922dc772eb08e22a80be04b
  • SHA256: 002e597cf728daad8a4ac159dbf634571f985ba657e047df8a2a82b9bc49ecf2
  • SHA512: 5373766419bc5339d7c92c62cc3d7928e262d7c8c307bbe77545ae46e5795a83f021627cd57df851b462c854ee651e4fd4260462d12a8005ec28bd081d148f8e
  • SSDEEP: 6291456:p8bSYBSkfXVSt7nsTR4dwl01X9b+6lYzPzm:aSY5NS5kmal01XR+6lYz7m

Malware Config

Extracted

  • Family: vidar
  • Version: 2.4
  • Botnet: 839

Attributes

  • profile_id: 839

Targets

  Target: Setup.exe

    • Size: 464.6MB
    • MD5: 350a2e8a8fd1cc46f25ff822b5fef864
    • SHA1: 6ced61594dbe240d0dbaa548eba526790b6e27f5
    • SHA256: 83b096c9efd0c9c855b9b8a7d70ebfb7f50e0449a824c52bf18a81b75a6037bd
    • SHA512: 27d75283812c73fe5e9d0bdfbf590ae00d2f2ae024c1dcc83c16e186ff65f2ceb3b939cef828e1bab7005356ba39d5dd96cca06a7d6fcfd37533aa48e68c2f15
    • SSDEEP: 24576:Lum9BtnqcmZV0mNzVLjFD23pWVKgnJC2Tld/wCyKkgJe/lgTbSUobuLA4ibic:L3qrZBLfY3pWVrJdf/wPKI/qRob2A4iH

  Signatures

    • Vidar
      Vidar is an infostealer based on Arkei stealer.
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.
    • Deletes itself
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials etc.
    • Accesses 2FA software files, possible credential harvesting
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
    • Suspicious use of SetThreadContext

  Target: resource/RedistList/Columm/whipsKnarredFilles/data.dll

    • Size: 213.8MB
    • MD5: 867bb097ceb506f01a8b782b121ca852
    • SHA1: aefe4d3954cf2de0304ff8a1f5725e4a5ecc41c3
    • SHA256: 7d0d05dac12f27399dde7699bee3f85c00c7eebaddcfbfdce64533de4055e742
    • SHA512: af8cfff829a0417e57215da86689ba892ba40ba8ee7b8f32b7b73fa132b63115d9d10365dd67e89e935316fdcdc06fcff2f0327cc27c434d850993d2365b3831
    • SSDEEP: 6291456:L8bSYBSkfXVSt7nsTR4dwl01X9b+6lYzPzv:oSY5NS5kmal01XR+6lYz7v

    Score: 1/10

MITRE ATT&CK Enterprise v6

Tasks