Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
88182016daa697b08bb26ef40195a3c9271f42479cfa4be5e0824386de459e27
-
Size
438KB
-
Sample
230529-17tnaseb6v
-
MD5
02401d92e69bf0f576742ea490d9ac2f
-
SHA1
04887088ded63df74235c9bb5970f7c08ffbf017
-
SHA256
88182016daa697b08bb26ef40195a3c9271f42479cfa4be5e0824386de459e27
-
SHA512
2f4cf3c2e98c748316498e56b6e3761f4ff426a92218141e79e53290bb79612b2516d20fba485c5886b6b964a20ba21a8c62bd0883a1ae5f9bde5d22487c6ddf
-
SSDEEP
6144:DZFMs5DjTYyaWm0BEd1ONWGfhHkUG/n13GJj+WUqKILIvo0:D5hjHc1oEGfhHHCIU7I
Malware Config
Extracted
vidar
4.1
a247b760bbf343752090be1436805458
https://t.me/task4manager
http://23.88.46.113:80
https://steamcommunity.com/profiles/76561199510444991
-
profile_id_v2
a247b760bbf343752090be1436805458
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36 Edg/112.0.1722.34
Targets
-
-
Target
88182016daa697b08bb26ef40195a3c9271f42479cfa4be5e0824386de459e27
-
Size
438KB
-
MD5
02401d92e69bf0f576742ea490d9ac2f
-
SHA1
04887088ded63df74235c9bb5970f7c08ffbf017
-
SHA256
88182016daa697b08bb26ef40195a3c9271f42479cfa4be5e0824386de459e27
-
SHA512
2f4cf3c2e98c748316498e56b6e3761f4ff426a92218141e79e53290bb79612b2516d20fba485c5886b6b964a20ba21a8c62bd0883a1ae5f9bde5d22487c6ddf
-
SSDEEP
6144:DZFMs5DjTYyaWm0BEd1ONWGfhHkUG/n13GJj+WUqKILIvo0:D5hjHc1oEGfhHHCIU7I
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-