General

  • Target: 4720007dc50c1eda6f4aaf5ba8eeebb276ecde68bbf1a146fce899aa2b0c0c1c
  • Size: 430KB
  • Sample: 230319-tb8n1sbb2w
  • MD5: c310d4e479589d94b6f948a43624d3e0
  • SHA1: 46110b16dfea473ed09db50c9688b47020bc39b0
  • SHA256: 4720007dc50c1eda6f4aaf5ba8eeebb276ecde68bbf1a146fce899aa2b0c0c1c
  • SHA512: 4c39789d30d6e7c543ef8831a73e017856b08219117123ee5f65636f60819f53cccbdff436f50abb75236b7e73a8ed3a6994d2c63335a382779772fb476071cd
  • SSDEEP: 6144:SXa7AHRZ/jjmEhQjolEQZu7k0U4ETThwMdCl24c8rufdhzSxucWJBM:ia7WRxjjmEl0k0wThwMsM7rmIckq

Malware Config

Extracted

  • Family: vidar
  • Version: 3
  • Botnet: 2548f166286a0b36dbfd9f8a1ac09311
  • C2:
      https://t.me/zaskullz
      https://steamcommunity.com/profiles/76561199486572327
      http://135.181.87.234:80
  • Attributes:
      profile_id_v2: 2548f166286a0b36dbfd9f8a1ac09311

Targets

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks