General

  • Target: 6a75883103f5db0ce538c52fb1be6388be2729962cbd4dadd782794560b59d33
  • Size: 580KB
  • Sample: 241007-r8cazazajl
  • MD5: 9f5b0497057b3d00dfdbde5e71ab66d1
  • SHA1: 18c835643ae200aaf9b34f814164b46ea18e2c76
  • SHA256: 6a75883103f5db0ce538c52fb1be6388be2729962cbd4dadd782794560b59d33
  • SHA512: 0895874109604b0f67d60c88c764a95049222fdc1b6ddab0fc9355a4603560b1cbaefaa4613731ce58d86abed716ac74f348be790de83b714dcb8a03dbba81d5
  • SSDEEP: 12288:KK/vg3InPBzCvCUNWAXqeVw68Qeoc2dgfjteVD6h/zOBV4vowrKw:KKg3IP8vvNrXqeVL892d/XVbGp

Malware Config

Extracted

  • Family: vidar
  • C2:
    http://lade.petperfectcare.com:80
    https://steamcommunity.com/profiles/76561199780418869
    https://t.me/ae5ed
  • Attributes
    • user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Targets

    • Target: 6a75883103f5db0ce538c52fb1be6388be2729962cbd4dadd782794560b59d33

    • Detect Vidar Stealer
    • Vidar
      Vidar is an infostealer based on Arkei stealer.
    • Downloads MZ/PE file
    • Loads dropped DLL
    • Unsecured Credentials: Credentials In Files
      Steal credentials from unsecured files.
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Suspicious use of SetThreadContext
