
General

  • Target

    Fortnite_Hack_v3.2.rar

  • Size

    6.7MB

  • Sample

    230420-f87w4ahh2z

  • MD5

    10a84dd13e051cc5c8a725346a059116

  • SHA1

    968a8eb11cda8e8c32ad8cb981147d4ea7b19e3e

  • SHA256

    c2797dd833c4aafa1ea8be296491d30088e246367ed18cfeb9fbc5b2a6ee323e

  • SHA512

    5c66701cdd1b9d897207ba185e6b761bf09ceeeb9975265e1d379695c6ebcac8ad18133a62d82093494270fda6e3d02444fd8c00ecd5db6640760bdb806b5e3c

  • SSDEEP

    196608:5I9NUu7xtnnF1h18TI0ZuYANl4gEOnrM9BR:5GNn9tnF1HmHLiFa

Malware Config

Extracted

Family

vidar

Version

3.5

Botnet

395ff08de6af5e2dbf2e94b1ee2175c2

C2

https://steamcommunity.com/profiles/76561199497218285

https://t.me/tg_duckworld

Attributes

  • profile_id_v2

    395ff08de6af5e2dbf2e94b1ee2175c2

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Vivaldi/3.7

Targets

    • Target

      Fortnite_Hack_v3.2.rar

    • Size

      6.7MB

    • MD5

      10a84dd13e051cc5c8a725346a059116

    • SHA1

      968a8eb11cda8e8c32ad8cb981147d4ea7b19e3e

    • SHA256

      c2797dd833c4aafa1ea8be296491d30088e246367ed18cfeb9fbc5b2a6ee323e

    • SHA512

      5c66701cdd1b9d897207ba185e6b761bf09ceeeb9975265e1d379695c6ebcac8ad18133a62d82093494270fda6e3d02444fd8c00ecd5db6640760bdb806b5e3c

    • SSDEEP

      196608:5I9NUu7xtnnF1h18TI0ZuYANl4gEOnrM9BR:5GNn9tnF1HmHLiFa

    • Score

      3/10

    • Target

      Setup.exe

    • Size

      1011.0MB

    • MD5

      d35a4d0264151fe12392c2de7b862df5

    • SHA1

      2db6d67aa751316ce81b539c29283e6fdf7ea127

    • SHA256

      bff00b68ddba7142583a95fe90cb337ba59fef25fc0696847a19b60a4a782e6a

    • SHA512

      eb5b22d44e90d70da0e6142b5a4725f1475a0db5c132aa783b11abc54fde6c7b51d31644be34de0fd27eb69598c592fbf9a289cb36e698c460bd7187f38069a9

    • SSDEEP

      24576:cMOCW00r5wCxnzmkMDghx9qinBSl6QOM6LvFuPROlW5wwwwwwwwwwwwwwwwwwwwQ:bBW00GCZ6e5rdu8lWK

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks