
General

  • Target: file.exe
  • Size: 819KB
  • Sample: 230713-ql8j8agh32
  • MD5: 090123b58bda7d2621c52c73b177b65d
  • SHA1: 11a9f0a16b27aa5841460380c16e23cbdafd08b4
  • SHA256: 8744d8ea9cecc91941cfe8161a647fd4af3c77f5045c46b21ab07689a3d349f1
  • SHA512: 84fed37f750362859856896c6ecd63fa653ffd3e2ea4436ab09c2133d0c313f9d0cbc6430993c22e861249b3a633620fe5878c8374e2a2655d9bd87a49a70f48
  • SSDEEP: 24576:B5EB6gmrAMuF1JMoiE8U/JzIC90RcAcgA7jEjBpJteh:B5EB6gm8MW7/JEc/kjBp/e

Malware Config

Extracted

  • Family: vidar
  • Version: 4.7
  • Botnet: https://t.me/eagl3z
  • C2:
      https://t.me/eagl3z
      https://steamcommunity.com/profiles/76561199159550234
  • Attributes
      • profile_id_v2: https://t.me/eagl3z
      • user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1788.0 uacq

Targets

    • Target: file.exe


    • Vidar: Vidar is an infostealer based on Arkei stealer.
    • Loads dropped DLL
    • Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials.
    • Accesses 2FA software files, possible credential harvesting
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
