General

  • Target

    zzz.rar

  • Size

    12.6MB

  • Sample

    240220-jm38kaeb56

  • MD5

    9e776ff1bed7de15ecfdb3889116b897

  • SHA1

    619d41f79b783012d76963e28e421fdcbfb5e46d

  • SHA256

    469a4e2de0f45d2543d7e535c54c6d6861e26e7ed26e1fda4ce9e00d03fb0077

  • SHA512

    c72ec11cccd3e4c8164243d772d8571e2406fcf8ad5bad2ce21920b8614e260bf8b0f6443bc89ebbe3b6cfa4d925499088f7395131304b6a318831610a0ebf41

  • SSDEEP

    393216:UkYVO4yTVhMSDs8dJkY5ztedLatkHLQLAdeFWU:XYVO4yJhMShJ55zN/HcU

Malware Config

Extracted

Family

vidar

Version

7.8

Botnet

b86ed69267e5641d44dafebd064d1e80

C2

https://65.109.242.97

https://t.me/karl3on

https://steamcommunity.com/profiles/76561199637071579

Attributes
  • profile_id_v2

    b86ed69267e5641d44dafebd064d1e80

  • user_agent

    Mozilla/5.0 (X11; Linux 3.5.4-1-ARCH i686; es) KHTML/4.9.1 (like Gecko) Konqueror/4.9

Extracted

Family

lumma

C2

https://technologyenterdo.shop/api

https://detectordiscusser.shop/api

https://turkeyunlikelyofw.shop/api

https://associationokeo.shop/api

Targets

    • Target

      #DllHijacking #Vidar/Starter.exe

    • Size

      7.3MB

    • MD5

      49b6bce6cd0111433969c39a62635f91

    • SHA1

      0e34b4e770cc7d018b955bc14dabb205321e872c

    • SHA256

      29345d9c6ff0106c9032b15e2c88f17bc8972ed843d1b5c044cf17d00f1d45c5

    • SHA512

      4737663a5a6b30779650dcaa461b7751bfb735d2c906d04d877604db5a270f68205e0ff1240f2509f2835d885708b849759b10d22deff3bf0f03579bd1402ff8

    • SSDEEP

      49152:/Ph7SQtfhuOhfEPOBjP9P6SOgjha5VKnRt3RQ9Wpvgt4sbVpEmVT1oG3vTROBYxI:ntBbz3q9QluER

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Suspicious use of SetThreadContext

    • Target

      #Rhadamanthys/GitExecutor.exe

    • Size

      42.6MB

    • MD5

      5abc2773c933f069781507d92a27d148

    • SHA1

      3dcba2312e2d596b79f437cf4499695eebdfbccc

    • SHA256

      604a2ed88564c72b2857e6af167f8a771eef5d982c9258889945a415f7d71c17

    • SHA512

      6f1e1f00ffd1b50b2c57e7f194a59815919535e26e9bf22c2ee57da15179c86efa46ed5f98ec85a43da3135e9c5b208fc0060f5a091ba49d06e783141f0eb45b

    • SSDEEP

      98304:UfCv+rScGQYPDofAKB1RYQpHd5nKRQGEaTmR3vNUkqh76n7EnVFG8TzIhX724Lkk:U7EsfAeHY0x7nbT9UsMaN6m

    Score
    10/10
    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext