General

  • Target

    @#LATEST_SoftWare_2024_PASSCODE_$.rar

  • Size

    51.5MB

  • Sample

    240429-l8wfysge5s

  • MD5

    c7c3d6aaa70594d6df0b8f3f40a7e2f6

  • SHA1

    74f4da75221222f336009025a358366eaf6c1d68

  • SHA256

    979e872622b1ae7ca6e9cb3599de8e400b3bfe537d3cb64261dffaa7956baa50

  • SHA512

    c23ea4a4c280a529e798a89525fa14b02156d18e8029edb93920dcc1144d1346eb5ff18ebbc80caf55ab391205d7fa0b19d5dab1e029db523648e4b26f7af0b1

  • SSDEEP

    786432:dMPQ7x53FKvsZTMlKxppk7c8joaJ6eWd7Gt9BZjQZfDG3q9PhUwuMr+NegCHR:dMP+/3F6StAoalWd7wOFawVRj

Malware Config

Extracted

Family

vidar

Botnet

04eb8f77b9c9e4d5a6a6e5a3b727c27e

C2

https://graims.xyz

https://steamcommunity.com/profiles/76561199677575543

https://t.me/snsb82

Attributes

  • profile_id_v2

    04eb8f77b9c9e4d5a6a6e5a3b727c27e

  • user_agent

    Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) AppleWebKit/534.6 (KHTML, like Gecko) Chrome/8.0.500.0 Safari/534.6

Targets

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
