General

  • Target

    Unlock_App_6.6.rar

  • Size

    44.6MB

  • Sample

    240220-tl1fdsbf96

  • MD5

    6c9eb6d5677d6395ad819159d8627bf0

  • SHA1

    7700f530bf2e1a6e04c0c4d03f95d95a303c5220

  • SHA256

    20c4230bc5ec9ca11fee5126fafd6ce4a4ec99a7c1c9f9f428d06dc409c19bb0

  • SHA512

    3a0c2cb9ea80a2a242fe7b330d853a28473369a9c3da029aee189837e92b0a6c32c0b0fd0ff00ba570fb523c29086c54197e51beb2babdb4351e8f1407abd2b2

  • SSDEEP

    786432:T6LrH42lZh/+/oHsEo88aHpUN0zGPUEu396rmeDrtlwnQ/z:T6LrY2lZh2wzo8BTGPUV966ekns

Malware Config

Extracted

  • Family

    vidar

  • Version

    7.9

  • Botnet

    6c468b67f5f4b14cdea5182be9e4f737

  • C2

    https://t.me/hypergog

    https://steamcommunity.com/profiles/76561199642171824

Attributes
  • profile_id_v2

    6c468b67f5f4b14cdea5182be9e4f737

  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36

Targets

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15