General

  • Target: 88182016daa697b08bb26ef40195a3c9271f42479cfa4be5e0824386de459e27
  • Size: 438KB
  • Sample: 230529-17tnaseb6v
  • MD5: 02401d92e69bf0f576742ea490d9ac2f
  • SHA1: 04887088ded63df74235c9bb5970f7c08ffbf017
  • SHA256: 88182016daa697b08bb26ef40195a3c9271f42479cfa4be5e0824386de459e27
  • SHA512: 2f4cf3c2e98c748316498e56b6e3761f4ff426a92218141e79e53290bb79612b2516d20fba485c5886b6b964a20ba21a8c62bd0883a1ae5f9bde5d22487c6ddf
  • SSDEEP: 6144:DZFMs5DjTYyaWm0BEd1ONWGfhHkUG/n13GJj+WUqKILIvo0:D5hjHc1oEGfhHHCIU7I

Malware Config

Extracted

  • Family: vidar
  • Version: 4.1
  • Botnet: a247b760bbf343752090be1436805458
  • C2:
    https://t.me/task4manager
    http://23.88.46.113:80
    https://steamcommunity.com/profiles/76561199510444991
  • Attributes
    • profile_id_v2: a247b760bbf343752090be1436805458
    • user_agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36 Edg/112.0.1722.34

Targets

    • Target: 88182016daa697b08bb26ef40195a3c9271f42479cfa4be5e0824386de459e27

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks