General

  • Target

    cd53d2bae5ec8268dfe72cdea2f284d4a4d99a8a6714d18d89dd25119921ec6a

  • Size

    208KB

  • Sample

    240417-qnc64aah2w

  • MD5

    1a2a6c838cb1cfe7d377108a5b84d238

  • SHA1

    017c35eb15807f02659335df49f53ffd4100a1c5

  • SHA256

    cd53d2bae5ec8268dfe72cdea2f284d4a4d99a8a6714d18d89dd25119921ec6a

  • SHA512

    0fb779aa44920e038c9f82b0e4d41558e2e918b0b535ea34d08a5376f5d9da80ef2f9af546a637222852d0ca4d87add34504e68c38eb66d24b8f8d16671c0fa7

  • SSDEEP

    6144:8zpmfEWWyd5XT1KrcASpMHp0CaSPRbzp6m:nIydCrjSGCPe5

Malware Config

Extracted

  • Family

    vidar

  • Version

    8.5

  • Botnet

    e1d2225c9e4727fe2818a17924d7e065

  • C2

    https://steamcommunity.com/profiles/76561199658817715

    https://t.me/sa9ok

  • Attributes

    • profile_id_v2

      e1d2225c9e4727fe2818a17924d7e065

    • user_agent

      Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36

Targets

  • Target

    5230c370cbdb95a2f4a30e70b7ac6a857af81c9498ef473704778fe86e6dbe1e.exe

  • Size

    224KB

  • MD5

    769c8ad3f187882a49cda5d26103730c

  • SHA1

    dae972d44336ffbb28509eabe946e83972166502

  • SHA256

    5230c370cbdb95a2f4a30e70b7ac6a857af81c9498ef473704778fe86e6dbe1e

  • SHA512

    08a5f80741ea4b0325efe15ad69feb44f4ea1a8ace70f072109f4ec19ad4bc56185aa5f3f734b03906ad3691f9cae43aea3a4ba88e507f97a753e11ca913669c

  • SSDEEP

    3072:Q52Gig7F8wUC1mK2iKkb8YxhX7EQXdeBvR/P4ieqSgvBEn/zcAGqxp6qUDbKSB/:sdF8l9sKqHbYQU/BSg5En/zqq/6qU/

  • Detect Vidar Stealer

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

  • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks