Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

TradingView_PRO.rar

windows10-1703-x64

1

Soft.exe

windows10-1703-x64

10

dll/Entity...er.dll

windows10-1703-x64

1

dll/Feedba...on.dll

windows10-1703-x64

1

dll/FileReport.dll

windows10-1703-x64

1

dll/SQLite...op.dll

windows10-1703-x64

3

dll/iTunes...LR.dll

windows10-1703-x64

1

dll/iTunes...on.dll

windows10-1703-x64

1

dll/libcurl.dll

windows10-1703-x64

1

dll/libdispatch.dll

windows10-1703-x64

1

dll/libicuin.dll

windows10-1703-x64

1

dll/libicuuc.dll

windows10-1703-x64

1

dll/libssl...64.dll

windows10-1703-x64

1

dll/libxml2.dll

windows10-1703-x64

1

dll/tk86t.dll

windows10-1703-x64

1

dll/ucrtbase.dll

windows10-1703-x64

1

dll/zlib1.dll

windows10-1703-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    TradingView_PRO.rar

  • Size

    6.8MB

  • Sample

    241011-my22estdlm

  • MD5

    c4e366fb7c1875db195b6665d170f16f

  • SHA1

    8d88e33867fa7af02d1fb62a9e698676461e2846

  • SHA256

    e9c35b32ff5f1637e1057d36a26c622dde0744d5004cd55ddf43800196f92e04

  • SHA512

    e229546b1b3b7f845024d5669b60d3a2528f5125273f53aa60ee02a291dc0118eb710e570f27b9502477138311a9d8fc08f21e6673f98d40ad9f98d7ed215dd0

  • SSDEEP

    196608:E71OrLjmS48jWd0ppe14PBgaGAkYDACKbWSx9:UOnSbOpp44PBgaGATGl

Score
10/10
vidar91ee094dd9ffff7505d0f982e8e1ca3fcredential_accessdiscoveryspywarestealer

Malware Config

Extracted

Family

vidar

Version

11.1

Botnet

91ee094dd9ffff7505d0f982e8e1ca3f

C2

https://steamcommunity.com/profiles/76561199786602107

https://t.me/lpnjoke
Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Targets

    • Target

      TradingView_PRO.rar

    • Size

      6.8MB

    • MD5

      c4e366fb7c1875db195b6665d170f16f

    • SHA1

      8d88e33867fa7af02d1fb62a9e698676461e2846

    • SHA256

      e9c35b32ff5f1637e1057d36a26c622dde0744d5004cd55ddf43800196f92e04

    • SHA512

      e229546b1b3b7f845024d5669b60d3a2528f5125273f53aa60ee02a291dc0118eb710e570f27b9502477138311a9d8fc08f21e6673f98d40ad9f98d7ed215dd0

    • SSDEEP

      196608:E71OrLjmS48jWd0ppe14PBgaGAkYDACKbWSx9:UOnSbOpp44PBgaGATGl

    Score
    1/10
    behavioral1

    • Target

      Soft.exe

    • Size

      11.6MB

    • MD5

      e07f44a87703de090d1eb0dccd846553

    • SHA1

      7905082ab227b83cf2ae74617828ad363d0ec8d6

    • SHA256

      11c38e3bd3e0cd2b4f783efe5bd007e0ffe28162c5e343509028719a437810d8

    • SHA512

      0c859e2c52cc3e0ceeaf6fefe7d7c4f5bec3dc9822207c841ce96501364e987e1a2aaa828cbb2840e8c61ee002dd631355969e11ff7fef678d132819046ee1f4

    • SSDEEP

      49152:f6CsLrzgdhBxDv9nWzUQBzD5I574hzdHmjh7ezq5DZ6rUSpSUDmPsCGd/5Nj11lm:bs/zgdtDBEUuH8VxnSNf+SOSkln

    Score
    10/10
    vidar91ee094dd9ffff7505d0f982e8e1ca3fcredential_accessdiscoveryspywarestealer

    • Detect Vidar Stealer

      stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral2

    • Target

      dll/EntityFramework.SqlServer.dll

    • Size

      577KB

    • MD5

      af1646b1c2227ab206d855bd068535cf

    • SHA1

      3cd982ad2fb00a50151d7f416e4b05f79528496e

    • SHA256

      a960dd4d2f0f37b3c09ffb9567c32426b8791310d7eb935c04c819c3d46bd49e

    • SHA512

      04eb6b5ec3a1655ae2fc661f6f9053f7743a2c624c4e8b0e1e6660fcb135a847adda27919ae8f38987e370e0114bd5ce45e01f1c894019a864a22cae3d24af0a

    • SSDEEP

      6144:EcK9UcUZV25QiE0U0CxzB6zHK1HHYkIfPQG2puGeqVmjaVmnS4bfu65+:fcuV200veIJu65

    Score
    1/10
    behavioral3

    • Target

      dll/FeedbackCommon.dll

    • Size

      307KB

    • MD5

      9a6a4c9dec73c5a28ed4c7f7cc3e0c3e

    • SHA1

      84f547be9b4b6112a5b8ada27b72f6609c4c566d

    • SHA256

      fe9bb227f2faef7d6b4fd00c823ef584b93c40aba9d82ecb0d970910e99679ce

    • SHA512

      bb84611f93f947b65b839ab859d79b4f6994348ebf68f735b2c30bd58a686e2c5e127a074a027f3f5afc5c536fc40dcad43af5e302cb409e0c6248fa1bbce82d

    • SSDEEP

      6144:VqN+kNEbSraPv82L1I9kure9z/5XI2Q1DnopldLy+L:y6bSmPvJgczR5Q1Kyq

    Score
    1/10
    behavioral4

    • Target

      dll/FileReport.dll

    • Size

      105KB

    • MD5

      a0a885bd902a59309bbe4d7d08afada1

    • SHA1

      0c11373f753c74e732f8a1efa433831298728697

    • SHA256

      7b5db936d7af2bb3bbfd6b44310f44806c21391a52a41e365acef4db9a18c8f0

    • SHA512

      6f7d1c55df83ca0b07411ba02518afb24cb16b2cb7b33f06690ac459e7839fad58e4c4d6668e5074f43d684f52d1d41a733c1000a1889e6410c3bcffa526bcf3

    • SSDEEP

      1536:1556cODOs2gM15o/bKM+Jsf7Vg7kQqO2ypykKZqrzt5zSs/I6Sv7HxgN6W:1ifOse15aOJsf2+yjKorzt5zHAvv6N6W

    Score
    1/10
    behavioral5

    • Target

      dll/SQLite.Interop.dll

    • Size

      1.2MB

    • MD5

      eaebd32500264123ef3f2a4cd2aee629

    • SHA1

      ee7976940c545759bbb0a0047f0fa6cd970c30f5

    • SHA256

      a7f95a7eed84db9cf419c03a7c05231fdedf3a042fd10259e6938eedbda3a1ac

    • SHA512

      fcfdf839d7bfa920483314e3e3ab0b0c83669883a6c5c7abd5966fd7ca14940bb07dab219dc22031941e4155b2f4fc7bd8fb76c639b191dce052df7f537da62b

    • SSDEEP

      24576:RKE4r0RaYdKYR7KtLqUmZRDiJC7Z2CQiQYZh5YAIQLs:8hr0RZ5RGtA0KpcYZ8tEs

    Score
    3/10
    discovery
    behavioral6

    • Target

      dll/iTunesRepairCLR.dll

    • Size

      251KB

    • MD5

      91156eecd5a86a359116c590d27466c8

    • SHA1

      695dcce166e4782c485f3e8e56c08873e0bd4504

    • SHA256

      51ca7821ff22ae13d1216a72b9ed0137fb03c1c26a220999a07e11cf5c506ede

    • SHA512

      c71c62e4c7e0d4a8666a6aa5c99aa135d7e40824621026c2be6f2af41dff4b57cf1e64da8c0a6824454e2334bdc2affedadc952f07e27217dfee5b21d855474b

    • SSDEEP

      6144:vh7eqYdp7zSC1gz1quJimyHBeEZkOFIbvwcbTpO/0hRvrqSD/YHgCn0Ln:vh87zSYgz1quJimoBeEZkOFIbvdpHvDH

    Score
    1/10
    behavioral7

    • Target

      dll/iTunesRepairCommon.dll

    • Size

      418KB

    • MD5

      f06de1bc253f3cc89aad496291aa3a7f

    • SHA1

      96eec4a7c9ee6ca75dbd728d35d819115e4496c6

    • SHA256

      cefba3a426a57e4720307dd5990322162791f9ea444c9dad432d7cb7c2feb294

    • SHA512

      bcd43b508d79026f5489beb6ae052ca3e6f75e6dd418f816b4d2e638878628a78c91791eef83afee95a98274a5c660f5eb7939903f4d7d7d0de33887122f3717

    • SSDEEP

      6144:nrlNsxq6bOyE5uaqAKMCEhrcIzccMPktA/K8DC8KXgNNExOfm4dddxdddoVuwLND:nrsxR3MqD/XK86g5YNXz

    Score
    1/10
    behavioral8

    • Target

      dll/libcurl.dll

    • Size

      542KB

    • MD5

      07ac3e92e0ffd0b5b12f7ade2c310419

    • SHA1

      7d54530f6641f7ae3b597a3f26139a40bcf5ce9b

    • SHA256

      401e9665ccaead776d966b9064e8fb1b51d6cf22b3b134e1515b750714fd6b98

    • SHA512

      149154a2d0d360475d6d78738f608a6d22f29605c126e7bddcee365d40a410ef0739feb5c17a1af32899543a34519d2183242968640e29df0e03346e6847c882

    • SSDEEP

      12288:jA3uJu2rBBXQ5qNf8I+UkCVmDnw0NIjU6y+n/U7N:jA3uJrBXQ5qNNfkK8nw0ijxpUR

    Score
    1/10
    behavioral9

    • Target

      dll/libdispatch.dll

    • Size

      108KB

    • MD5

      2139af75442b468ad2a3b3c755a4da53

    • SHA1

      5f265b913bb8dc8eca773f57e38338a8829e84e5

    • SHA256

      459150bc518575cbd702c7e7f8df01d6e551d42354bd791bf75dfb1763afb622

    • SHA512

      87dfa3bb19a3f5912a809dd99ae38fcd8326302a0a93e3249b690996e5573216f719fcdd5c647baf67b72c4e971f42b33e155def6b0ce228bf8fb451bfb7debe

    • SSDEEP

      3072:UljbozJ/JwMCDADZ4TMiI1LfxeNRVGNa3x1B:gbEh7CDAWMiZwY

    Score
    1/10
    behavioral10

    • Target

      dll/libicuin.dll

    • Size

      2.4MB

    • MD5

      78c64b3156f8e070ccab351a96aab1e7

    • SHA1

      3383fc6cae65078b7be1681852837beda102dfac

    • SHA256

      25694350aea200b742dabc08576728856b3a4ebe479661737f14213323655ff5

    • SHA512

      1d20baf31fab11150b9507078723393a81abb2515bbde31fb36c41b1f576b7a603eec42c645f4efffc0bf7faec3833fd88d5c40b66c90b3f0c7619479319762a

    • SSDEEP

      24576:/QFxbR+M8IY5d0FQqv0bcSPcj4eA/bcnU92xkAfQORBAZm9TsTpdX:4z1iIY5d0F8bHjd4ny2AZm9yHX

    Score
    1/10
    behavioral11

    • Target

      dll/libicuuc.dll

    • Size

      1.5MB

    • MD5

      e4a7d8761e5b4d78370b4b530c904bff

    • SHA1

      fa26af028d250cfb5d199674cdf7f2e4b2ae70a7

    • SHA256

      df4a1e45fb00ef3eb58d9eccf3b87ff064206f29906119a8d58316dc73854d59

    • SHA512

      7089a0f7e5799f9c923b32a39295ab4e2b0c2567f0e7f41d6bce395856c7b8f3cc77d4ad32dd3287158f805d34184cef8477b64285522be5dbd4984cd9e92bb8

    • SSDEEP

      24576:8mOiW6DF68nc6aUI58Oj7Uc585mXPjpTpW7MY5:XOwF68nEjRjYiXX8n5

    Score
    1/10
    behavioral12

    • Target

      dll/libssl-1_1-x64.dll

    • Size

      676KB

    • MD5

      68fda88259572d37d733b6a4c6449ce3

    • SHA1

      cb6af4c75e5948dd2f84a8e6ed40066497225293

    • SHA256

      57eb8e72bbad676b997fb9616e6e758ef4fbaba92b84735f5bfef5f81821cf3a

    • SHA512

      9557a831f31ce1eb74b36ed1b2d4157393f08eaefa26d92458d405413f818798022bcf7825799f985f0f3fc158d20239660f5c6624baf88a755bfea2777e3b0b

    • SSDEEP

      12288:tqNXZzq3TPx1XI8afSk/bseSXnfIAGa/1R+CQGkQIEijxFMU2lvzC:bLXtafsp/1R3x9o9FMU2lvzC

    Score
    1/10
    behavioral13

    • Target

      dll/libxml2.dll

    • Size

      1.3MB

    • MD5

      e6e4bf12336d0ce68a20a2e89274e06a

    • SHA1

      8e0851a6df0eb49b92704d0ec3ed969d427eaed6

    • SHA256

      4be1bd36d8771b3bf521013077f254359668e46dd75e30f9b85490a328d9301f

    • SHA512

      e62746ee01ef6b4c39b813ff6ce5e41ee1675ff433067bb7d316146253c7b65a1d6ebd8daa1c0f7b567d54bc813d7e3bf707b52716d651e16f269a13ed248b7f

    • SSDEEP

      24576:lvSvQDyhQi62i16+7t7hMMaVQQGQaN3sAPTJ4zBnu3U6f:svQDy7etFuQQlaN3sAdeZM

    Score
    1/10
    behavioral14

    • Target

      dll/tk86t.dll

    • Size

      1.4MB

    • MD5

      fdc8a5d96f9576bd70aa1cadc2f21748

    • SHA1

      bae145525a18ce7e5bc69c5f43c6044de7b6e004

    • SHA256

      1a6d0871be2fa7153de22be008a20a5257b721657e6d4b24da8b1f940345d0d5

    • SHA512

      816ada61c1fd941d10e6bb4350baa77f520e2476058249b269802be826bab294a9c18edc5d590f5ed6f8dafed502ab7ffb29db2f44292cb5bedf2f5fa609f49c

    • SSDEEP

      24576:J7+Vm6O8hbcrckTNrkhaJVQhWnmb7u/DSe9qT03ZjLmFMoERDY5TUT/tXzddGyIK:JCQ69cYY9JVQWx/DSe9qTqJLUMPsJUT/

    Score
    1/10
    behavioral15

    • Target

      dll/ucrtbase.dll

    • Size

      1.1MB

    • MD5

      9cd0aff3e05fca90bf9a227c94669df6

    • SHA1

      2330e02db78010c44838f5c542edc7d4e1be00c8

    • SHA256

      fbed69a52fdcf571dd37fe4cc63cb86ed3732b5b998807f14968788027c00754

    • SHA512

      1f29aaf87dcea351f146121a812794ec51b5ad9b0373ad6872d34a51c2c4cc2a16a6ee3b3945a4ad885918d108ce4742f12d3e0c5dd9aaa5c5a4ce310e4cc08b

    • SSDEEP

      24576:iJG9DZM19Y7ieC9dQ8ODtLV8+BaC6EOxPcUz1RmxvSZX0ypHNHh:R/q1vOhq+BaPHxhp7

    Score
    1/10
    behavioral16

    • Target

      dll/zlib1.dll

    • Size

      100KB

    • MD5

      27481dd5b29d58ff9ec04a0ec36b1919

    • SHA1

      9832d9f0b88250ada3b2fc18f1c22810d960d2bc

    • SHA256

      d4accd4e268a6b846c10f66bb344de216788cf6721acdf810f67051559540ceb

    • SHA512

      d1507f962c1d97d4d74114ed7b3781d4bf15c3d85e04f365b52a43a92ef844cad5e801aed435c3cfbd231b8bd2c6e6d9b6896349dbea5849f0aa29b28890031a

    • SSDEEP

      3072:mzWFv0opgFRu932zghRGgtSubFYfxeNrfGNt1xC:mzWFvXaRu9ugHGgtSubpA+

    Score
    1/10
    behavioral17

MITRE ATT&CK Enterprise v15

Tasks