Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
58f16cc21973f83ce13d2b4271d39b42.bin.exe
-
Size
1.1MB
-
Sample
230403-wm1hwsgc86
-
MD5
58f16cc21973f83ce13d2b4271d39b42
-
SHA1
a78a0c627e1d469cb5404a41f07c2d3a38840bad
-
SHA256
7ed279a6de558b31e93b310ca21564c42431fea11bb55794f8c28126dc1fe1fd
-
SHA512
c39fbb15052462ea2beba8933a4dca198c0ba79ff2d547df6f9b4f503d0b92f4b2a05611ec7daa4ca68d89d27c7a52ca976edc271ddb0924a64137b17c3dc54c
-
SSDEEP
12288:gF3xilhpL6Igw0Ev5tKvhurIfqiJaXpEt8labCis:oxSrL6Iz0+wTJaXpEhCis
Malware Config
Extracted
vidar
3.3
1e6f203d28d0cd17be85912cc7cd240d
https://steamcommunity.com/profiles/76561199492257783
https://t.me/justsometg
-
profile_id_v2
1e6f203d28d0cd17be85912cc7cd240d
-
user_agent
Mozilla/5.0 (X11; Linux 3.5.4-1-ARCH i686; es) KHTML/4.9.1 (like Gecko) Konqueror/4.9
Targets
-
-
Target
58f16cc21973f83ce13d2b4271d39b42.bin.exe
-
Size
1.1MB
-
MD5
58f16cc21973f83ce13d2b4271d39b42
-
SHA1
a78a0c627e1d469cb5404a41f07c2d3a38840bad
-
SHA256
7ed279a6de558b31e93b310ca21564c42431fea11bb55794f8c28126dc1fe1fd
-
SHA512
c39fbb15052462ea2beba8933a4dca198c0ba79ff2d547df6f9b4f503d0b92f4b2a05611ec7daa4ca68d89d27c7a52ca976edc271ddb0924a64137b17c3dc54c
-
SSDEEP
12288:gF3xilhpL6Igw0Ev5tKvhurIfqiJaXpEt8labCis:oxSrL6Iz0+wTJaXpEhCis
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-