General

  • Target

    TORRENTOLD-1.exe

  • Size

    384KB

  • Sample

    241012-xkezvawckg

  • MD5

    e5eedc78a0a3ff607806e21ab267c553

  • SHA1

    25192b22de6978b9a9ef2099e3d2091d5b3cb1ca

  • SHA256

    ddf69adbff600c109b11204055b517b5fca9298e2765beac4e5a6fd762be4e9d

  • SHA512

    58204f12909ebba7f9d3f2006da6c9562acbdbf9b14046ddc734294760900eee1e562c1b5e204c369851f95f3474a5545e66605e2405eefdf57fa6b254b85cd5

  • SSDEEP

    6144:RKynBLh/DXvm55d7/8PbJ0XoJtmZSZBKkhzXgdg:IuDX+vd7EPF0XutVekhz6g

Malware Config

Extracted

Family

vidar

Version

11

Botnet

7e6c13833126d03adc9573b3325d5542

C2

https://steamcommunity.com/profiles/76561199780418869

https://t.me/ae5ed
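
Both C2 entries above are public profile pages rather than raw C2 hosts. Vidar-family samples are documented to use such pages as dead-drop resolvers: the operator edits a field they control (the Steam persona name, the Telegram channel title) to hold the real C2 address, and the stealer fetches the page and parses it out. The script below is an added example, not code from the tria.ge report or from the malware, showing how an analyst can pull the address out of a fetched copy of each page. The element names it looks for (`actual_persona_name`, `tgme_page_title`) are assumptions about the two sites' markup, the HTML is constructed, and the addresses in it are RFC 5737 documentation ranges, not indicators from this sample.

```python
"""Dead-drop resolver extraction for the two C2 pages in the extracted config."""
import re
from html.parser import HTMLParser
from typing import Optional

# CONSTRUCTED stand-ins for the Steam profile and Telegram channel pages named
# in the config. Element names are assumptions about those sites' markup, and
# the addresses are RFC 5737 documentation ranges, not indicators from this sample.
STEAM_PROFILE_HTML = """
<html><body>
<div class="profile_header_centered_persona">
  <span class="actual_persona_name">http://192.0.2.10/</span>
  <span class="profile_flair">(online)</span>
</div>
</body></html>
"""

TELEGRAM_CHANNEL_HTML = """
<html><body>
<div class="tgme_page_title"><span dir="auto">198.51.100.7:80</span></div>
<div class="tgme_page_description">shared notes</div>
</body></html>
"""

# resolver host -> (tag, class) of the element the operator can freely edit (assumed)
RESOLVERS = {
    "steamcommunity.com": ("span", "actual_persona_name"),
    "t.me": ("div", "tgme_page_title"),
}

# Either an http(s) URL or a bare IPv4 with an optional port.
C2_PATTERN = re.compile(
    r"https?://[A-Za-z0-9.\-]+(?::\d{1,5})?/?"
    r"|\b(?:\d{1,3}\.){3}\d{1,3}(?::\d{1,5})?\b"
)


class _ElementText(HTMLParser):
    """Collects the text of the first <tag class=cls> element, nested tags included."""

    def __init__(self, tag: str, cls: str) -> None:
        super().__init__()
        self.tag, self.cls = tag, cls
        self.depth = 0          # >0 while inside the target element
        self.done = False
        self.parts: list[str] = []

    def handle_starttag(self, tag, attrs):
        if self.done:
            return
        if self.depth:
            if tag == self.tag:
                self.depth += 1  # same tag nested inside the target
            return
        classes = (dict(attrs).get("class") or "").split()
        if tag == self.tag and self.cls in classes:
            self.depth = 1

    def handle_endtag(self, tag):
        if self.depth and tag == self.tag:
            self.depth -= 1
            if self.depth == 0:
                self.done = True

    def handle_data(self, data):
        if self.depth and not self.done:
            self.parts.append(data)


def element_text(html: str, tag: str, cls: str) -> str:
    p = _ElementText(tag, cls)
    p.feed(html)
    return "".join(p.parts).strip()


def extract_c2(html: str, resolver_host: str) -> Optional[str]:
    """Return the first C2-looking string in the resolver page's editable field."""
    tag, cls = RESOLVERS[resolver_host]
    m = C2_PATTERN.search(element_text(html, tag, cls))
    return m.group(0) if m else None


def resolve_all(pages: dict[str, str]) -> dict[str, Optional[str]]:
    """pages maps resolver host -> fetched HTML; result maps host -> extracted C2."""
    return {host: extract_c2(html, host) for host, html in pages.items()}


if __name__ == "__main__":
    found = resolve_all({
        "steamcommunity.com": STEAM_PROFILE_HTML,
        "t.me": TELEGRAM_CHANNEL_HTML,
    })
    for host, c2 in found.items():
        print(f"{host:20s} -> {c2}")
```

In practice the pages are fetched from the two URLs in the config and passed to `resolve_all`; because the operator can rotate the address at any time, the value extracted at analysis time is a snapshot, and the resolver URLs themselves are the durable indicators.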

Targets

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers routinely target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Unsecured Credentials: Credentials In Files (ATT&CK T1552.001)

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
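
The signatures above are each a pattern over registry and file paths the sample touched. The script below is an added example, not Triage's detection code, that replays the same logic over a constructed sandbox-style API trace of (operation, path) records and reports which of the report's signatures fire. Path globs for FileZilla, Chromium profiles, the Uninstall key and common wallet locations are well known; the exact registry value consulted for the country code is an assumption. The trace is constructed and the user name is a placeholder.

```python
"""Behaviour-signature matching over a constructed sandbox API trace."""
import fnmatch
from collections import defaultdict

# CONSTRUCTED trace in the shape a sandbox emits: (operation, path).
# The Geo\Nation key for the country-code lookup is an assumption.
TRACE = [
    ("reg_query", r"HKCU\Control Panel\International\Geo\Nation"),
    ("reg_enum",  r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    ("reg_enum",  r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{GUID}"),
    ("file_open", r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml"),
    ("file_open", r"C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml"),
    ("file_open", r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("file_open", r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"),
    ("file_open", r"C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco"),
    ("file_open", r"C:\Users\victim\Documents\notes.txt"),
]

# A trace with ordinary activity only, used to show the rules do not fire on noise.
BENIGN_TRACE = [
    ("reg_query", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"),
    ("file_open", r"C:\Users\victim\Documents\notes.txt"),
]

# signature name -> (operations it applies to, lowercase path globs)
SIGNATURES = {
    "Checks computer location settings": (
        {"reg_query"},
        [r"*\control panel\international\geo\nation"]),
    "Checks installed software on the system": (
        {"reg_enum", "reg_query"},
        [r"*\currentversion\uninstall*"]),
    "Reads data files stored by FTP clients": (
        {"file_open"},
        [r"*\filezilla\sitemanager.xml", r"*\filezilla\recentservers.xml"]),
    "Reads user/profile data of web browsers": (
        {"file_open"},
        [r"*\user data\*\login data", r"*\user data\*\cookies",
         r"*\user data\*\web data", r"*\firefox\profiles\*\logins.json"]),
    "Accesses cryptocurrency files/wallets": (
        {"file_open"},
        [r"*\exodus\*", r"*\electrum\wallets\*", r"*\wallet.dat"]),
}


def match_signatures(trace):
    """Return {signature name: [paths that matched]} for every signature that fired."""
    hits = defaultdict(list)
    for op, path in trace:
        low = path.lower()
        for name, (ops, globs) in SIGNATURES.items():
            # fnmatchcase treats backslashes literally and never normalises case,
            # so matching is deterministic across host platforms.
            if op in ops and any(fnmatch.fnmatchcase(low, g) for g in globs):
                hits[name].append(path)
    return dict(hits)


def looks_like_infostealer(trace, threshold=3):
    """Several independent stealer behaviours together are the signal; one alone is noise
    (a legitimate installer also enumerates the Uninstall key)."""
    return len(match_signatures(trace)) >= threshold


if __name__ == "__main__":
    for name, paths in match_signatures(TRACE).items():
        print(f"{name}:")
        for p in paths:
            print(f"    {p}")
    print("infostealer-like:", looks_like_infostealer(TRACE))
```

The threshold in `looks_like_infostealer` is the point a detection engineer tunes: any one of these lookups is common in benign software, but a single process reading browser credential stores, FTP client configs and wallet files within one execution is the combination the report's signature set is describing.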
