Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
5b4a9e04b965aabae6f402c64bc965264eba5f460172b51f0c19f9146765883a
-
Size
345KB
-
Sample
230419-3nwpnafh9w
-
MD5
859c74c9e8c54dbcbd42a73c1548a363
-
SHA1
0604f728197d8563221d126743828894f4ad0dea
-
SHA256
5b4a9e04b965aabae6f402c64bc965264eba5f460172b51f0c19f9146765883a
-
SHA512
5e3c88fc99d8c87e3254264ba97ce8ffcd132849c5ff0629ffaafbc398a80c75697877e8fa40dbcd723067cf88abe8d501f7c543b5fc1bee499d147dfe2e5a3a
-
SSDEEP
6144:DDq+6bntsareKiOukMkeYQoQ0j+g4/ve:3UbntsKhiOujB
Malware Config
Extracted
vidar
3.4
e749025c61b2caca10aa829a9e1a65a1
https://steamcommunity.com/profiles/76561199494593681
https://t.me/auftriebs
-
profile_id_v2
e749025c61b2caca10aa829a9e1a65a1
-
user_agent
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:105.0) Gecko/20100101 Firefox/105.0
Targets
-
-
Target
5b4a9e04b965aabae6f402c64bc965264eba5f460172b51f0c19f9146765883a
-
Size
345KB
-
MD5
859c74c9e8c54dbcbd42a73c1548a363
-
SHA1
0604f728197d8563221d126743828894f4ad0dea
-
SHA256
5b4a9e04b965aabae6f402c64bc965264eba5f460172b51f0c19f9146765883a
-
SHA512
5e3c88fc99d8c87e3254264ba97ce8ffcd132849c5ff0629ffaafbc398a80c75697877e8fa40dbcd723067cf88abe8d501f7c543b5fc1bee499d147dfe2e5a3a
-
SSDEEP
6144:DDq+6bntsareKiOukMkeYQoQ0j+g4/ve:3UbntsKhiOujB
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-