Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
S0FTWARE.zip
-
Size
150.4MB
-
Sample
241102-cp4hsazjem
-
MD5
55917cb8e6da1b0c6a12f2ad056928da
-
SHA1
2e32942b38afeaab268ae958b4cb5c6732688081
-
SHA256
15f274ebebfa08bed4cfd70447696f8f2eb3c0444aa33b572b0c370085f324ad
-
SHA512
48a7d80dbcdf4bfcb78e45f3ae56146ef620990d63e048713ca75aad7aa0954b7b4e4ea83d77071ca74a34dcd2003f7d5e879421a74773e365008cd738f788a2
-
SSDEEP
3145728:0YQyuFWIZb52RZZCLmup5274CjdLpLqGW5XKsV1FhGG+S3rgmRhqOM:BuFWK81C6up5274gdLpLqGW5XKK1/rgD
Malware Config
Extracted
vidar
https://t.me/asg7rd
https://steamcommunity.com/profiles/76561199794498376
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Targets
-
-
Target
S0FTWARE.zip
-
Size
150.4MB
-
MD5
55917cb8e6da1b0c6a12f2ad056928da
-
SHA1
2e32942b38afeaab268ae958b4cb5c6732688081
-
SHA256
15f274ebebfa08bed4cfd70447696f8f2eb3c0444aa33b572b0c370085f324ad
-
SHA512
48a7d80dbcdf4bfcb78e45f3ae56146ef620990d63e048713ca75aad7aa0954b7b4e4ea83d77071ca74a34dcd2003f7d5e879421a74773e365008cd738f788a2
-
SSDEEP
3145728:0YQyuFWIZb52RZZCLmup5274CjdLpLqGW5XKsV1FhGG+S3rgmRhqOM:BuFWK81C6up5274gdLpLqGW5XKK1/rgD
-
Detect Vidar Stealer
-
Vidar family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Uses browser remote debugging
Can be used control the browser and steal sensitive information such as credentials and session cookies.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Modify Authentication Process
1Steal Web Session Cookie
1Unsecured Credentials
1Credentials In Files
1