General

  • Target

    d5753dabf4ad1811f657440d47a810f82eb60c389da494fc4f8b4e43f050842c

  • Size

    656KB

  • Sample

    230515-n2x3bafb79

  • MD5

    6ab2485ef6dd80d3ba1b975481d44d48

  • SHA1

    96dc7c2800bcd6874d011755c3f1818a4401b245

  • SHA256

    d5753dabf4ad1811f657440d47a810f82eb60c389da494fc4f8b4e43f050842c

  • SHA512

    6d95d46e3c3856f75c79be22a90c6dd6c8bb49c3577c253f425658935362d82dec84f2026d6b5966de329727f2ccb08f4b85a7b0cea0e9fd5275cf6767dd996a

  • SSDEEP

    12288:MVxoDHQfHuudDoSQ7x09p4k/6ljiBCnXPTW9qhy7kfWlE7TLd7uf:MVuH+HZdkSrmk/LYn/+4fv5uf

Malware Config

Extracted

  • Family

    vidar

  • Version

    3.9

  • Botnet

    c89701f76d55bd16f016c6a04354b8ea

  • C2

    https://steamcommunity.com/profiles/76561199263069598

    https://t.me/cybehost

  • Attributes

    • profile_id_v2

      c89701f76d55bd16f016c6a04354b8ea

    • user_agent

      Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.7 (like Gecko) (Debian)

Targets

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks