General

  • Target: 9e0e3c424a4d69567a36fcf3c26ed7145fdd18fe35178cf168de1df54a823cc6
  • Size: 1.5MB
  • Sample: 240628-jwmbeayfja
  • MD5: 7a88ca363e205dfa072b61dd0142b35a
  • SHA1: ef7072f548332afebdc58fbd0cf51136cc6215d1
  • SHA256: 9e0e3c424a4d69567a36fcf3c26ed7145fdd18fe35178cf168de1df54a823cc6
  • SHA512: f2a18f0bf6b0048dccf525cebee0aec3b87b44b7519cfb286397f96249fdb2e08e72a97fe49c5f285f660776882f9af6b12f05fce0d63e1e5347094ea84813ed
  • SSDEEP: 24576:BXc46Crf8fyeacHps+/qASfmBgXk/xrADOv1xvF87uLwmnq:BXl8aeHHO+SASagXkJr4MDkUwm

Malware Config

Extracted

Family

vidar

C2

https://t.me/g067n

https://steamcommunity.com/profiles/76561199707802586

Attributes

  • user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0

Targets

    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other profile contents.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks