General

  • Target

    30e08db1dca8919a070a9d851dbe03ab75484faf87f4f2c5fcc9ef033ab407e8

  • Size

    290KB

  • Sample

    231023-csk6lsfe53

  • MD5

    20a12cde7ba258bae05369d35a98cbc3

  • SHA1

    3c429c4c3daf14076588fb8dee165924cda226e0

  • SHA256

    30e08db1dca8919a070a9d851dbe03ab75484faf87f4f2c5fcc9ef033ab407e8

  • SHA512

    3465dba35534a21888a2516c2501cd9f7acedfa2f9ce6821234b9a13a7ef317c4bbf635faa3f5424960c81d1cc8fc33b633ddc781f10062864c14d3bb7a29a36

  • SSDEEP

    6144:tSEfAJfnjQTT5bP43PfVjP9etwf3EoOB2A19VgrIqt:8EYhjQJb8PfxPeE3hOM3cq

Malware Config

Extracted

Family

vidar

Version

6.1

Botnet

55d1d90f582be35927dbf245a6a59f6e

C2

https://steamcommunity.com/profiles/76561199563297648

https://t.me/twowheelfun

Attributes

  • profile_id_v2

    55d1d90f582be35927dbf245a6a59f6e

  • user_agent

    Mozilla/5.0 (iPad; CPU OS 17_0_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/605.1.15

Targets

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar material.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
