
General

  • Target

    58f16cc21973f83ce13d2b4271d39b42.bin.exe

  • Size

    1.1MB

  • Sample

    230403-wm1hwsgc86

  • MD5

    58f16cc21973f83ce13d2b4271d39b42

  • SHA1

    a78a0c627e1d469cb5404a41f07c2d3a38840bad

  • SHA256

    7ed279a6de558b31e93b310ca21564c42431fea11bb55794f8c28126dc1fe1fd

  • SHA512

    c39fbb15052462ea2beba8933a4dca198c0ba79ff2d547df6f9b4f503d0b92f4b2a05611ec7daa4ca68d89d27c7a52ca976edc271ddb0924a64137b17c3dc54c

  • SSDEEP

    12288:gF3xilhpL6Igw0Ev5tKvhurIfqiJaXpEt8labCis:oxSrL6Iz0+wTJaXpEhCis

Malware Config

Extracted

Family

vidar

Version

3.3

Botnet

1e6f203d28d0cd17be85912cc7cd240d

C2

https://steamcommunity.com/profiles/76561199492257783

https://t.me/justsometg

Both URLs are dead-drop resolvers rather than C2 servers: Vidar fetches the Steam profile page and the Telegram channel preview and parses the operator-controlled text (the profile name and the channel description) for the address of its real C2. The live C2 is therefore not present in the static config and can be rotated without touching the sample.

Attributes
  • profile_id_v2

    1e6f203d28d0cd17be85912cc7cd240d

  • user_agent

    Mozilla/5.0 (X11; Linux 3.5.4-1-ARCH i686; es) KHTML/4.9.1 (like Gecko) Konqueror/4.9
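
The following is an added example, not code from the Triage report or from Vidar itself. It shows how the two "C2" entries in the extracted config act as dead-drop resolvers: the stealer fetches each public page and parses it for the actual C2 address. The HTML fixtures are constructed for this example (TEST-NET addresses, no real C2); the element classes (Steam `actual_persona_name`, Telegram `tgme_page_description`) are the ones those pages serve, while the assumption that the C2 is embedded between `|` delimiters is one format Vidar has used rather than a fixed rule, so `DEAD_DROP_TOKEN` is the part to adjust against a live page. `fetch_headers` reuses the config's `user_agent` so an analyst's own fetch is served the same content the stealer gets.

```python
"""
Resolve the real C2 behind Vidar's dead-drop resolver URLs (added example).

The two "C2" entries in the extracted config are public pages the stealer
reads for its actual C2 host. Everything below runs offline against
constructed HTML; only the config values are taken from the report.
"""
import re
from html import unescape
from urllib.parse import urlparse

# Values taken from the extracted config on this page.
VIDAR_CONFIG = {
    "family": "vidar",
    "version": "3.3",
    "botnet": "1e6f203d28d0cd17be85912cc7cd240d",
    "c2": [
        "https://steamcommunity.com/profiles/76561199492257783",
        "https://t.me/justsometg",
    ],
    "user_agent": (
        "Mozilla/5.0 (X11; Linux 3.5.4-1-ARCH i686; es) "
        "KHTML/4.9.1 (like Gecko) Konqueror/4.9"
    ),
}

# Constructed stand-ins for the fetched pages (TEST-NET addresses, no real C2).
STEAM_PROFILE_HTML = """<div class="profile_header_centered_persona">
  <span class="actual_persona_name">|203.0.113.10|</span>
  <span class="header_real_name">Level 1</span>
</div>"""

TELEGRAM_CHANNEL_HTML = """<div class="tgme_page_title"><span dir="auto">justsometg</span></div>
<div class="tgme_page_description" dir="auto">|http://198.51.100.7:80|</div>"""

# Which HTML element carries the operator-controlled text on each resolver.
RESOLVER_FIELD = {
    "steamcommunity.com": r'<span class="actual_persona_name">(.*?)</span>',
    "t.me": r'<div class="tgme_page_description"[^>]*>(.*?)</div>',
}

# Assumed embedding format: the C2 sits between two '|' characters.
DEAD_DROP_TOKEN = re.compile(r"\|([^|\s<>]+)\|")


def normalize_c2(token: str) -> str:
    """Give bare host[:port] tokens a scheme so every result is a URL."""
    return token if token.startswith(("http://", "https://")) else "http://" + token


def extract_c2(resolver_url: str, page_html: str) -> list:
    """Pull C2 candidates out of the page fetched from one resolver URL."""
    host = (urlparse(resolver_url).hostname or "").lower()
    for domain, pattern in RESOLVER_FIELD.items():
        if host == domain or host.endswith("." + domain):
            break
    else:
        raise ValueError(f"no dead-drop parser for host {host!r}")
    found = []
    for field in re.findall(pattern, page_html, flags=re.S):
        for token in DEAD_DROP_TOKEN.findall(unescape(field)):
            c2 = normalize_c2(token)
            if c2 not in found:
                found.append(c2)
    return found


def fetch_headers(config: dict) -> dict:
    """Headers an analyst's fetch should send to see what the stealer sees."""
    return {"User-Agent": config["user_agent"]}


def resolve_all(config: dict, pages: dict) -> dict:
    """Map each configured resolver URL to the C2s parsed from its page.

    `pages` maps resolver URL -> already-fetched HTML, so this runs offline.
    """
    return {url: extract_c2(url, pages[url]) for url in config["c2"] if url in pages}


if __name__ == "__main__":
    pages = {
        VIDAR_CONFIG["c2"][0]: STEAM_PROFILE_HTML,
        VIDAR_CONFIG["c2"][1]: TELEGRAM_CHANNEL_HTML,
    }
    for resolver, c2s in resolve_all(VIDAR_CONFIG, pages).items():
        print(resolver, "->", ", ".join(c2s) or "(nothing found)")
```

Because the resolver pages are legitimate sites, blocking the C2 field of the config at the perimeter is not enough; the address that matters is whatever the profile or channel says at fetch time, so re-resolve it when triaging a new detection rather than relying on a value captured earlier.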

Targets

    • Target

      58f16cc21973f83ce13d2b4271d39b42.bin.exe


    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, session tokens and autofill entries; stolen cookies let an attacker reuse a logged-in session without knowing the password.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is a typical step in process hollowing or injection: the payload is written into a suspended process and its entry point is redirected to that code before the thread is resumed.
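
The following is an added detection example, not part of the Triage report. It runs the network indicators from the extracted config (the hard-coded User-Agent and the two dead-drop resolver URLs) over a constructed proxy log. The log format (timestamp, client, method, URL, quoted User-Agent) and every sample line are constructed for the example; the second host's benign Steam and Telegram browsing is included to show why the match is on the full resolver URL rather than the domain.

```python
"""
Flag proxy-log requests matching the Vidar network indicators (added example).

Indicators come from the extracted config on this page; the log lines are
constructed, including the 203.0.113.10 beacon target (TEST-NET, not a real C2).
"""
import re
from typing import Optional

VIDAR_USER_AGENT = (
    "Mozilla/5.0 (X11; Linux 3.5.4-1-ARCH i686; es) "
    "KHTML/4.9.1 (like Gecko) Konqueror/4.9"
)
DEAD_DROP_URLS = {
    "https://steamcommunity.com/profiles/76561199492257783",
    "https://t.me/justsometg",
}

# Constructed proxy log: one infected host fetching both resolvers with the
# hard-coded UA and then beaconing; one clean host browsing the same domains.
SAMPLE_LOG = """\
2023-04-03T10:12:01Z 10.0.0.5 GET https://steamcommunity.com/profiles/76561199492257783/ "Mozilla/5.0 (X11; Linux 3.5.4-1-ARCH i686; es) KHTML/4.9.1 (like Gecko) Konqueror/4.9"
2023-04-03T10:12:03Z 10.0.0.5 GET https://t.me/justsometg "Mozilla/5.0 (X11; Linux 3.5.4-1-ARCH i686; es) KHTML/4.9.1 (like Gecko) Konqueror/4.9"
2023-04-03T10:12:09Z 10.0.0.5 POST http://203.0.113.10/ "Mozilla/5.0 (X11; Linux 3.5.4-1-ARCH i686; es) KHTML/4.9.1 (like Gecko) Konqueror/4.9"
2023-04-03T10:15:40Z 10.0.0.9 GET https://steamcommunity.com/app/730 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36"
2023-04-03T10:16:02Z 10.0.0.9 GET https://t.me/telegram "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36"
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "([^"]*)"$')


def parse_line(line: str) -> Optional[dict]:
    """Parse one constructed-format log line; None if it does not fit."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, method, url, ua = m.groups()
    return {"ts": ts, "src": src, "method": method, "url": url, "ua": ua}


def canonical_url(url: str) -> str:
    """Compare on scheme+host+path, ignoring query string and trailing slash."""
    return url.split("?", 1)[0].rstrip("/").lower()


_DEAD_DROP_CANON = {canonical_url(u) for u in DEAD_DROP_URLS}


def indicators_for(rec: dict) -> list:
    """Reasons a single request matches the config-derived indicators."""
    reasons = []
    if rec["ua"] == VIDAR_USER_AGENT:
        reasons.append("user-agent matches vidar config")
    if canonical_url(rec["url"]) in _DEAD_DROP_CANON:
        reasons.append("dead-drop resolver url")
    return reasons


def scan_log(text: str) -> list:
    """Return every parsed request that carries at least one indicator."""
    hits = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = indicators_for(rec)
        if reasons:
            hits.append({**rec, "reasons": reasons})
    return hits


def by_host(hits: list) -> dict:
    """Collapse hits to client -> sorted unique reasons, for triage."""
    summary = {}
    for h in hits:
        summary.setdefault(h["src"], set()).update(h["reasons"])
    return {src: sorted(r) for src, r in summary.items()}


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for h in found:
        print(h["ts"], h["src"], h["method"], h["url"], "|", "; ".join(h["reasons"]))
    print(by_host(found))
```

The User-Agent is the higher-confidence signal here: a Konqueror 4.9 on 32-bit Arch Linux string coming from a Windows host is not something a browser produces. The resolver URLs are worth matching exactly because the Steam and Telegram domains themselves are common in normal traffic, as the second host's lines show.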
