General

  • Target

    e31bb5ae1331089d5eaed1923e2928bf37b2b609ce85d7fb6f5db3de17469a50

  • Size

    223KB

  • Sample

    240417-p763vahg5t

  • MD5

    7f421ed6a9fca8ed5b2c29be8b93d106

  • SHA1

    f7081f890697c54ae045c02c1399a8ee2a25823b

  • SHA256

    e31bb5ae1331089d5eaed1923e2928bf37b2b609ce85d7fb6f5db3de17469a50

  • SHA512

    e9f4b78ef8fcae244a0fda25313e0e5071807487124d09a38a1f34b75ef7c252e178dd557c2231cb8b45a83967e1a4fe82c3ff8631c34c02417a2668346262a0

  • SSDEEP

    3072:YErlBzheVDQ+vv0ZmAMf8aC/ZedmE13QLlv+nIIEn6XmPjs88n8GyprsR:YscS+vvcmAMEPIWpWE6XArDXu

Score: 10/10

Malware Config

Extracted

Family

vidar

C2

https://steamcommunity.com/profiles/76561199658817715

https://t.me/sa9ok

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36

Targets

    • Target

      be2346fa2bef1b558f011862043e37bf5cef8b2290202a64a450a08750820462.exe

    • Size

      234KB

    • MD5

      7c665575a095a3d95e8fd3db9f68dbda

    • SHA1

      9702fa88095963c1d336cd48bca362a2b33a530e

    • SHA256

      be2346fa2bef1b558f011862043e37bf5cef8b2290202a64a450a08750820462

    • SHA512

      2d300feb63df4a08d5ff5e235cc2f6e2f293e3a19a012ee75a933e6992c09e6fb2964fcf5f7fd3443c7fff7a66291bfa4bb1acbc0d9bb9fdd1e36c266a59736f

    • SSDEEP

      6144:TaYIfJebpHDjRu5Wh//MdHavp1RyPaBWuWR0PIDqmvYWx:3I+5EEwCpePae68Ws

    Score: 10/10
    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Suspicious use of SetThreadContext
