Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
bank_statement.scr.exe
-
Size
37.0MB
-
Sample
230606-vmd48afc6x
-
MD5
61e6735126b6504424d090ac796f8a49
-
SHA1
7e8838d573b193beedfa12ff74e1e4933944587a
-
SHA256
c8e45719240f875784086abcc66cdbf68a102c1d3d5edabb0c7da44516621e51
-
SHA512
b24367cca3405aed1f55517242b4680d94cc149ba8bc112af5eb37ba2c86e873a11b7ee117138a0ffc1597e6e175d2d1f9db0c79188cb9cbc5d2cfb5edf3ed9c
-
SSDEEP
393216:NS3GX6iThaMcP5L56QHbe/klf3FWpis6n93CnVspY9rw20amy/dtzEvQ4iD6t+t2:a3iTkFVBn9Tpkw3dUzMri2ty7I9
Malware Config
Extracted
vidar
4.2
655d9e590e95375f4ab0b3055662ab2e
https://steamcommunity.com/profiles/76561199511129510
https://t.me/rechnungsbetrag
-
profile_id_v2
655d9e590e95375f4ab0b3055662ab2e
-
user_agent
Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.38 Safari/537.36 Brave/75
Targets
-
-
Target
bank_statement.scr.exe
-
Size
37.0MB
-
MD5
61e6735126b6504424d090ac796f8a49
-
SHA1
7e8838d573b193beedfa12ff74e1e4933944587a
-
SHA256
c8e45719240f875784086abcc66cdbf68a102c1d3d5edabb0c7da44516621e51
-
SHA512
b24367cca3405aed1f55517242b4680d94cc149ba8bc112af5eb37ba2c86e873a11b7ee117138a0ffc1597e6e175d2d1f9db0c79188cb9cbc5d2cfb5edf3ed9c
-
SSDEEP
393216:NS3GX6iThaMcP5L56QHbe/klf3FWpis6n93CnVspY9rw20amy/dtzEvQ4iD6t+t2:a3iTkFVBn9Tpkw3dUzMri2ty7I9
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses 2FA software files, possible credential harvesting
-
Suspicious use of SetThreadContext
-