Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
file.exe
-
Size
819KB
-
Sample
230713-ql8j8agh32
-
MD5
090123b58bda7d2621c52c73b177b65d
-
SHA1
11a9f0a16b27aa5841460380c16e23cbdafd08b4
-
SHA256
8744d8ea9cecc91941cfe8161a647fd4af3c77f5045c46b21ab07689a3d349f1
-
SHA512
84fed37f750362859856896c6ecd63fa653ffd3e2ea4436ab09c2133d0c313f9d0cbc6430993c22e861249b3a633620fe5878c8374e2a2655d9bd87a49a70f48
-
SSDEEP
24576:B5EB6gmrAMuF1JMoiE8U/JzIC90RcAcgA7jEjBpJteh:B5EB6gm8MW7/JEc/kjBp/e
Malware Config
Extracted
vidar
4.7
https://t.me/eagl3z
https://t.me/eagl3z
https://steamcommunity.com/profiles/76561199159550234
-
profile_id_v2
https://t.me/eagl3z
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1788.0 uacq
Targets
-
-
Target
file.exe
-
Size
819KB
-
MD5
090123b58bda7d2621c52c73b177b65d
-
SHA1
11a9f0a16b27aa5841460380c16e23cbdafd08b4
-
SHA256
8744d8ea9cecc91941cfe8161a647fd4af3c77f5045c46b21ab07689a3d349f1
-
SHA512
84fed37f750362859856896c6ecd63fa653ffd3e2ea4436ab09c2133d0c313f9d0cbc6430993c22e861249b3a633620fe5878c8374e2a2655d9bd87a49a70f48
-
SSDEEP
24576:B5EB6gmrAMuF1JMoiE8U/JzIC90RcAcgA7jEjBpJteh:B5EB6gm8MW7/JEc/kjBp/e
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-