
General

  • Target: Unlock_Tool_2.3.zip
  • Size: 26.2MB
  • Sample: 241016-27kaasycpe
  • MD5: 7ac1b1e4026b2f847e283de1a149da04
  • SHA1: a7e1dcc1d1386094b17271181519ff94943f17b4
  • SHA256: 6a47bed443d129fb6c3661b64547971090889b7c1a8fdf8d27bd804d5f5dd1d8
  • SHA512: 6f340809c0de7c1a21ef0449ed945f8b0ddcfc4dde19d586c9d6c8119cebcf22022dbd106337b21b9cc86ceaa4108b9cf0dab9891165a3475d08285e5e2c3d85
  • SSDEEP: 786432:jYbolarHLcezVOkmJybtLe35N7X+f4kPA4:MRjLXOIRGN1i/

Malware Config

Extracted

  • Family: vidar
  • Version: 11.1
  • Botnet: 23a142269e47ce1692ccc9fb68473bc2
  • C2:
    https://steamcommunity.com/profiles/76561199786602107
    https://t.me/lpnjoke
  • Attributes
    • user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Targets

    • Target: LICENSE.html
    • Size: 6.3MB
    • MD5: 6e638956244aaded2c92b77f9d421a81
    • SHA1: f5269556b6fe04cfca5a1da21af718641708a666
    • SHA256: 652457f1b5ec60a81c8aff095366bcc068402c21eb380ba8286366bc4e9a029e
    • SHA512: f0e173761a6acd13b6c1b5eb896c361487a770a54f1842ffaa80c8ff780b37a1e801169786776c4afa7d9c75cd968dbaddabff082de55cf75cc4f9d871d08bc1
    • SSDEEP: 24576:nPVZ5W5WS95zHIlGMmfu626s6W6a6q5AHOeQDph:SMn
    Score: 3/10

    • Target: Unlock_Tool_2.3.exe
    • Size: 1.5MB
    • MD5: 875d0ab4d446da201127377ef3756d5e
    • SHA1: 45cdad2ed72f5d4956d13ffcee2002caabc68625
    • SHA256: 5067e33aee627b233fccbfa9516fdb2bb96216694a606986f986add251a856fd
    • SHA512: 4ee704b5cc1cf693a511ca555de476ec76fa39b9993fbde102545a390e91ae286c57f7c4cd717b56748a1549e1c28c5e7cfde994f61dac0b762b832fed4d769e
    • SSDEEP: 12288:1hzfw9F+PLs7BYQtUq6xGfMD/lienK07szdiNb4uhYUsZNYHjuO83IEO:Lw9FOYBYQ6xG0TI4QO4uhNSNYDu/4t

    Signatures:
    • Detect Vidar Stealer
    • Vidar
      Vidar is an infostealer based on Arkei stealer.
    • Downloads MZ/PE file
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.
    • Loads dropped DLL
    • Reads data files stored by FTP clients
      Tries to access configuration files associated with programs like FileZilla.
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials.
    • Unsecured Credentials: Credentials In Files
      Steals credentials from unsecured files.
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
    • Suspicious use of SetThreadContext

    • Target: lesseeVariant/modules.dll
    • Size: 907KB
    • MD5: dc05f0b8f1a32e872721d3486e6332b8
    • SHA1: dbf055b0f934640fadcfaa93971fead8df7a3869
    • SHA256: 37ec5f998a5c376d4fcd4342b43a4163d1f043e0f7711e46677cd30013882723
    • SHA512: 0f89d713237ef11a1ef8d824ad9767bb13fb4f5f334acdd65af0ba6e54cec4a910398636683254b3fe4d46a069a1781187313684ff827a907b8b968134f6efa0
    • SSDEEP: 24576:z0OY4ZFajHYDTR2yfVbf+c6Z5WODYsHh6g3P0zAk75:z0CZFaj4HR2yfVbd6Z5WODYsHh6g3P03
    Score: 1/10

    • Target: locales/resources/app.asar.unpacked/keytar.node
    • Size: 691KB
    • MD5: c5c99144e2e1589628e14999ba59ad73
    • SHA1: 9c80f8de6b5cdaf38677d5368b5287bacb9e465a
    • SHA256: 90e35de89ab5e5f9290e4ff1bbadcf221a82b2aa0d9b922187dc980adff3c831
    • SHA512: 0bcb99953397c6604d8e08bf2ba89248ee82f92436c2dcc779157b65227b0e1350927273a1b6d150a9db914d0a8830680df05ef651ee291b40657a3025a721c5
    • SSDEEP: 12288:cRInDhSzUpqDDa2XX05VNpk4th460iQlp1Qk5wUFPcvKKR0JQQ8jKOx8:cOnDHpqnaskrdx
    Score: 1/10

    • Target: locales/resources/app.asar.unpacked/native/tvdbridge.node
    • Size: 296KB
    • MD5: e5526203a1a46494f6940c755189321a
    • SHA1: fe8995c525a41c38ddfadcce065bd5a4f9d6a9cd
    • SHA256: d849a98540c05e1d0e770bc7d72a5d88213430745acf7aec8ecc246e042d0aad
    • SHA512: 033fa4ba21d8086e516deddac9d25aaa4180b4c341ceb05c1ef9f86a790ebf22a4ee4eb9505da6703cd4309cee1e6be76dbdf4870f0c4d398bababde9facf899
    • SSDEEP: 6144:0MYYj6PQEzvJhuQlVvR+biOSvX3wa5zedaPqhUrYOv:uYj6PbzRhflVZ+dg395zedaPEe
    Score: 1/10

    • Target: locales/resources/mkl_sequential.1.dll
    • Size: 24.4MB
    • MD5: dc669a38669daa5f86ee691ab76f256a
    • SHA1: d096b0e62e2cd804d1cdfc1cee97cfd88c6f3526
    • SHA256: 14d2183e60955af7844004fd394c38667a627804eebd23f88d8b2916803c0191
    • SHA512: 7c0fb218cc5403d25f0a50e500ed2cd5c1a2c95a6538edae366ec8e6dae2d6fcee0a047cb1c1f4b382630cf06d9f9aa140a7c37c7d6bc30008bfa5a03544f834
    • SSDEEP: 786432:jAjbotve5/l6Qofwx/xGHfHr9kmk5D0EnnP+IobqgGzt:jAjbotve5/l6Qofwx/xGHfHr9kmk5D0O
    Score: 1/10

    • Target: locales/x86/ACE.dll
    • Size: 1.1MB
    • MD5: d0ae82cdf9911bec3eddda128602af04
    • SHA1: 58e167521f2b028d03aeb6c926d34c2c969fa9c6
    • SHA256: f9675304d13efaee32e6b4a3317b64231a59b684532a898d12b4e7ed88518afd
    • SHA512: c1520462a8e02ab09e2a101207e88cf6861b48c32b7c2523047251496479740a84987fb19aba4dc8610abe2c81e5f7dbc80c51b8667f4953e17dda583d27557d
    • SSDEEP: 24576:tmGLzPLOXbuKR17zBXE+MXRHRg2yTEg863NzSxoopoo+F:v3jOyY7zB0+MXRHRg2iBrdzSqF
    Score: 3/10

    • Target: locales/x86/AGM.dll
    • Size: 5.8MB
    • MD5: b39b8d45413692ff856e9ba907256c2f
    • SHA1: ab06b594a57b8bbe0f4c4ba80a12129953521667
    • SHA256: ee32f4cbba3a601d57064695a8ed5955e1b9af984110d34504b8d5ebb132c084
    • SHA512: 1dcc8bbbc55ac27b0a0b96e28de73338b972e2998bc9c33439c32b721de811b2c9ecf6d7953dfbdfadcbcc0c64f56871d09ae953a449c516578e9e8b3e1df661
    • SSDEEP: 98304:lUpuc5sPE5fMZywrovF+rMnV17FVgvhiWaOuBue5SlIN:cuMCEZ3wrovF+a5Z
    Score: 3/10

    • Target: locales/x86/AIDE.dll
    • Size: 2.0MB
    • MD5: ad388ce4c2cc3aaff605994da782d57e
    • SHA1: f43c3f588c77a34e8b81b63247ac1d7657016050
    • SHA256: d3ba1adbfeef8f19e4aa570299c06d39a87dfc5fe3d85946270b722e44dacda7
    • SHA512: f8e8f0fc5d8e01f8afe1aac55d3a301fa0019c6e80099616abf5a41c09aeabd0294e4391ddac170c2cd5bcff0b9e9cb4b559a2eca50a273e398083542065e27b
    • SSDEEP: 49152:h50rEANbHm4w0H5QZXjr/nZA9XANcZ4T5lQ:b0rEcbG4w0H5QZTrnZEmlu
    Score: 3/10

    • Target: locales/x86/Acrobat/Acrobat32OL.dll
    • Size: 200KB
    • MD5: 18e5a6296e02efb842fb3d11ca0c7c63
    • SHA1: 1a774bc3ec960bf1d639b883ba34de0a101748a8
    • SHA256: 629b4cef2c394c6a1fad37e5ac6f497b3bdac489270d54f4e98c5dfc925ea883
    • SHA512: 66fe300a275d0dc403479668a3120e6eb9a84a28736e64b24afc37298e556589b40c191a83f5871b2ad1778e0a8a65f7a0878f29d409b2efb9d51531854c5198
    • SSDEEP: 6144:tbL7Ohthut5BCRVS989WUY+7F4C9WOOS0mvpMJDJ2C7ejmj:xL7ObhG5BZUYiF4C9WOOS0m+JD
    Score: 3/10

    • Target: locales/x86/Acrobat/Onix32.dll
    • Size: 745KB
    • MD5: e03d8bbcf584de58500efdac4c7b6a97
    • SHA1: 7aac481128eda876bc111b0cb33e202c68ef1f93
    • SHA256: 58cc0c31514e89a743c9b96c7892c256cd9daaa18bdcff784b8ddb1d5c15a163
    • SHA512: eb3346b4d93137476f57eb43c87e4160b5d85431e2e9a75fbf4250161414d290eead6bcdadb290e23f13158ea265da880ddef1cad4b12cce60c0fa9d4f95c3d2
    • SSDEEP: 12288:JPuGQm/KqPd7dg3EPctRuVcnQUFkZrBzKWe5p7MQnowzk7NugLqKiaC3P2nYs8rh:gGQm/KqPd7dg3EPctRuVcnQUFkZrBzKz
    Score: 3/10

    • Target: locales/x86/AdobeXMP.dll
    • Size: 887KB
    • MD5: 7c3033588c1a187918cf3fd246069a3f
    • SHA1: 2b637a9d37de604ae8e98fcbc73746ccc0402b31
    • SHA256: e958f4ed8272a96e599ff9f0a79331e7b5109104a9d20d3f760c7eb162daf7e0
    • SHA512: 80d513d25477081c84af87e8127a02bb332204ad7399ac653a27ca726e446fd25518d36189bf90b10cbf34119d35501e006a2e06dbca5a96dc2348aff6b6fe91
    • SSDEEP: 24576:7CaZsdfNjJaN0OdQfLCKVkDavzVi5p5bafAAy4:7ZspNQVQdkahi5zaf5R
    Score: 3/10

    • Target: locales/x86/BIB.dll
    • Size: 119KB
    • MD5: 404de37b800b661ebfaa218b20c8c0c6
    • SHA1: 2a2416b663ee9d9ec6325d2c70bf05be27a73eac
    • SHA256: ca53407b356fcdea51a6d536447ed6b88ad14c87facf421080d141cae837eedc
    • SHA512: e6d66bcb0da4ca5456dab376385c73a918fc13c4b0ab9a05d2324dbb7a9fcf197d727acfbedb15e55452b916c9afde0ed01b233868a88ae0f34ee01306289430
    • SSDEEP: 3072:x9mmiJ1WvqJ7fW7n/WY0EZrZsibdumKr9igRsNpKN02+OzHwn:TkaqJi7M0dO
    Score: 3/10

    • Target: locales/x86/BIBUtils.dll
    • Size: 170KB
    • MD5: 79622b56347c1fd44b74bd4ea74cb813
    • SHA1: 51c1e13a4b5aad657c570149c529dd4963adf77a
    • SHA256: 0f2b3d012a9abe420bc36c62847bba6ca4478ceebc018bad2b19f22d481fcc10
    • SHA512: ebc329e0d1d869107043e5b0a0e05d4322fa0a2bbc2c30411d51ce1b4b33778ee94f82ad072cc8cf75222f488e52bf52dfb7481edfdef3e39fd58259685ad195
    • SSDEEP: 3072:0VMWnX3e6TCL2ssOGpibdy1ZLKDZW7TPtAlgeoVA/sis/zquLtyQh1g:0JnHeKk2s03q0nh
    Score: 3/10

    • Target: locales/x86/CoolType.dll
    • Size: 3.2MB
    • MD5: 6fb9f15b6a1dd1ee9cdb9b4ef290d69e
    • SHA1: c5955655e9b96004a72bbb09aa72996f3ddaa539
    • SHA256: d4a0db913fa555808ce627114fe6e2725970499c70364edbedf47d907d52242d
    • SHA512: 24be26d2e0dc3e05f786ce3eee815247261fe99e1bff08e689d71bf68e7d5340e942aaaefd9203569f63c23a5f5cb46c1ff6a2d91f2753fd6d78240fffa7beed
    • SSDEEP: 49152:37sVoVC47fsPVTs57ovd2MMg6NYpnd3EQUyfha+P/u6LSXvowU7u9qRXApP4Cqrt:37RCwfsdTk+dlb73ELyfhlf9K4Cqi3
    Score: 3/10

    • Target: locales/x86/JP2KLib.dll
    • Size: 508KB
    • MD5: 73c0da5c825e3a2275dbef4f8dae0813
    • SHA1: 6f6191867fddf3c284066dd855512198c509d64c
    • SHA256: 979851cac4a2a0e394f06ca7139d7402911048b094f550dd9b33d1203ae92862
    • SHA512: aa01cba77cf94d3a4c66ac7169414d4d7f91d8965d312bb46430b766affe0ff93c241a84ad9e1796c08c28fcbc613c9d98cde37b2b4914e801abff6c638a111b
    • SSDEEP: 12288:tskp3VH/G2LrUUIGVC3hCDfF5AzO5qkkZalIf+AGzVYu5uRcyef0njWcArh45j:tsK3VH/dlIGAGzqu07ef0qO
    Score: 3/10

MITRE ATT&CK Enterprise v15

Tasks

  • static1: score 3/10
  • behavioral1: discovery; score 3/10
  • behavioral2: discovery; score 3/10
  • behavioral3: vidar, 23a142269e47ce1692ccc9fb68473bc2, credential_access, discovery, spyware, stealer; score 10/10
  • behavioral4: vidar, 23a142269e47ce1692ccc9fb68473bc2, credential_access, discovery, spyware, stealer; score 10/10
  • behavioral5: score 1/10
  • behavioral6: score 1/10
  • behavioral7: score 1/10
  • behavioral8: score 1/10
  • behavioral9: score 1/10
  • behavioral10: score 1/10
  • behavioral11: score 1/10
  • behavioral12: score 1/10
  • behavioral13: discovery; score 3/10
  • behavioral14: discovery; score 3/10
  • behavioral15: discovery; score 3/10
  • behavioral16: discovery; score 3/10
  • behavioral17: discovery; score 3/10
  • behavioral18: discovery; score 3/10
  • behavioral19: discovery; score 3/10
  • behavioral20: discovery; score 3/10
  • behavioral21: discovery; score 3/10
  • behavioral22: discovery; score 3/10
  • behavioral23: discovery; score 3/10
  • behavioral24: discovery; score 3/10
  • behavioral25: discovery; score 3/10
  • behavioral26: discovery; score 3/10
  • behavioral27: discovery; score 3/10
  • behavioral28: discovery; score 3/10
  • behavioral29: discovery; score 3/10
  • behavioral30: discovery; score 3/10
  • behavioral31: discovery; score 3/10
  • behavioral32: discovery; score 3/10