General

  • Target

    JaffaCakes118_b2042114e2ee61b73463fd7c7c5204e3a0a7db1b978969d05ac383a8996dd4ea

  • Size

    787.9MB

  • Sample

    241230-ckct9strb1

  • MD5

    be8ae0d04e5bd79ff0696cc1c8e514f1

  • SHA1

    62761a0121c1fbad4633eae063440dc27fd4c446

  • SHA256

    b2042114e2ee61b73463fd7c7c5204e3a0a7db1b978969d05ac383a8996dd4ea

  • SHA512

    52001d421ac3f5909829ef9543897344209af06b32a5e7b920133f9b12a77a5237e679511131c51bb03d43fc851a19c13a5626777e929d2ee6b48f7123082ee9

  • SSDEEP

    196608:3zS5Qk2tZo846rosn5/Bsts7NGmzFBQNri:3+5T18hro2/BsKzzFBv

Malware Config

Extracted

Family

vidar

Version

5.2

Botnet

c1d7ad01e8d504b6baf1b90679c3c7b6

C2

https://steamcommunity.com/profiles/76561199541261200

https://t.me/vookihhfd

https://t.me/booliiksws

https://t.me/odyssey_tg

Attributes

  • profile_id_v2

    c1d7ad01e8d504b6baf1b90679c3c7b6

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.30 (KHTML, like Gecko) Chrome/115.0.1.0 Safari/537.30

Targets

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar family

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

MITRE ATT&CK Enterprise v15

Tasks