General

  • Target

    d6a373eb8f771884afc984fba23ff81b034146282f9285e5beaf5eb31d886366.exe

  • Size

    614KB

  • Sample

    230806-ssv9kscb9x

  • MD5

    f2e35af2013a8cf04a5ab63348b6958d

  • SHA1

    eca2a467462ff167d3511ca0fdd5373228612718

  • SHA256

    d6a373eb8f771884afc984fba23ff81b034146282f9285e5beaf5eb31d886366

  • SHA512

    5609c88267fbf4452c7dd0b2e7bc97e2e02752b2333993ea0e9f91425fd9315b626ada9a392210224ed2fe7da1fdf57e7a74837b38a31ef5b57e18af791a5ad7

  • SSDEEP

    12288:0hqxSLo5C1Ps4XhAjN8GVNoBlR+m651ItSpDvg6q/BCOg:0HLmCiIhoB7oFSzIYtUxg

Malware Config

Extracted

  • Family

    vidar

  • Version

    5

  • Botnet

    43a6ce95ca0edbaf09babc2b3d43fe58

  • C2

    https://t.me/versozaline

    https://steamcommunity.com/profiles/76561199532186526

  • Attributes

    • profile_id_v2

      43a6ce95ca0edbaf09babc2b3d43fe58

    • user_agent

      Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0

Targets

    • Target

      d6a373eb8f771884afc984fba23ff81b034146282f9285e5beaf5eb31d886366.exe

    • Size

      614KB

    • MD5

      f2e35af2013a8cf04a5ab63348b6958d

    • SHA1

      eca2a467462ff167d3511ca0fdd5373228612718

    • SHA256

      d6a373eb8f771884afc984fba23ff81b034146282f9285e5beaf5eb31d886366

    • SHA512

      5609c88267fbf4452c7dd0b2e7bc97e2e02752b2333993ea0e9f91425fd9315b626ada9a392210224ed2fe7da1fdf57e7a74837b38a31ef5b57e18af791a5ad7

    • SSDEEP

      12288:0hqxSLo5C1Ps4XhAjN8GVNoBlR+m651ItSpDvg6q/BCOg:0HLmCiIhoB7oFSzIYtUxg

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses 2FA software files, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks