General

  • Target

    2025-01-25_51e643008ccf352807beb48afb4d8256_frostygoop_poet-rat_snatch

  • Size

    6.5MB

  • Sample

    250125-n7xzhatkfl

  • MD5

    51e643008ccf352807beb48afb4d8256

  • SHA1

    c3141194d7ccd2adfa8a8d4949f404a7fb080ccf

  • SHA256

    0f5802af85a680b7329f5a531f6d5194e786687fc26b549568991d9eee88a416

  • SHA512

    ca4f230cec8df23b860499d58ea3ee4cbb8bdfa41c2a6064a24649ef326bce54a84232ba3ca27cea6d74cb0b164d198b59a8ac8bd99d4aefae8aba4b27250114

  • SSDEEP

    98304:IqQQR1e4hd0WcPU/6xlwQBVqd7eFHgGfx/DoodfJ:rJIo/2lF/qd7eFA4ZJ

Score
10/10

Malware Config

Extracted

Family

vidar

C2

https://t.me/sc1phell

https://steamcommunity.com/profiles/76561199819539662

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0
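The extracted config above gives two C2 locations on public platforms (a Telegram channel and a Steam profile) and a hard-coded user agent. Vidar is known to retrieve its real C2 address from such public profile pages, so those URLs are the first network contact to hunt for. As an added example, not part of the tria.ge report, the Python below turns the config into a proxy-log hunt: it exact-matches the two URLs (after normalizing scheme, host case and trailing slashes) and flags Windows hosts that present the sample's macOS Firefox user agent, a combination no real browser on a Windows fleet would produce. The log lines, the tab-separated field layout and the host inventory are constructed for illustration and are assumptions, not data from the report.

```python
"""Hunt for the indicators from the extracted Vidar config in web-proxy logs.

Added example; not part of the tria.ge report. The sample log, its
field layout and the host inventory are constructed for illustration.
"""
from collections import Counter
from urllib.parse import urlparse

# Indicators copied from the extracted config on this page.
C2_URLS = [
    "https://t.me/sc1phell",
    "https://steamcommunity.com/profiles/76561199819539662",
]
MALWARE_UA = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) "
              "Gecko/20100101 Firefox/136.0")

# Constructed asset inventory (assumption): OS per client IP.
HOST_OS = {"10.0.0.12": "windows", "10.0.0.40": "macos", "10.0.0.55": "windows"}

# Constructed proxy log (assumption: tab-separated
# timestamp, client_ip, method, url, user_agent).
SAMPLE_LOG = (
    "2025-01-25T13:01:02Z\t10.0.0.12\tGET\t"
    "https://steamcommunity.com/profiles/76561199819539662/\t" + MALWARE_UA + "\n"
    "2025-01-25T13:01:03Z\t10.0.0.12\tGET\t"
    "https://T.ME/sc1phell\t" + MALWARE_UA + "\n"
    "2025-01-25T13:02:10Z\t10.0.0.40\tGET\t"
    "https://steamcommunity.com/profiles/76561199819539662\t" + MALWARE_UA + "\n"
    "2025-01-25T13:03:00Z\t10.0.0.55\tGET\thttps://example.com/\t"
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
    "(KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36\n"
)


def normalize(url: str) -> str:
    """Canonical form for comparison: lowercase scheme/host, no trailing slash."""
    p = urlparse(url.strip())
    return f"{p.scheme.lower()}://{p.netloc.lower()}{p.path.rstrip('/')}"


C2_SET = {normalize(u) for u in C2_URLS}


def parse_line(line: str):
    """Split one constructed log line into a record; None if malformed."""
    parts = line.rstrip("\n").split("\t")
    if len(parts) != 5:
        return None
    ts, ip, method, url, ua = parts
    return {"ts": ts, "ip": ip, "method": method, "url": url, "ua": ua}


def hunt(log_text: str, host_os=HOST_OS) -> list:
    """Return one finding per (line, rule) hit.

    vidar_c2_url         : request to one of the extracted C2 URLs.
    vidar_ua_os_mismatch : a Windows host sending the sample's hard-coded
                           macOS Firefox user agent.
    """
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if normalize(rec["url"]) in C2_SET:
            findings.append({"ts": rec["ts"], "ip": rec["ip"],
                             "rule": "vidar_c2_url", "url": rec["url"]})
        if rec["ua"] == MALWARE_UA and host_os.get(rec["ip"]) == "windows":
            findings.append({"ts": rec["ts"], "ip": rec["ip"],
                             "rule": "vidar_ua_os_mismatch", "url": rec["url"]})
    return findings


def summarize(findings: list) -> dict:
    """Count hits per (client_ip, rule) to rank hosts for triage."""
    return dict(Counter((f["ip"], f["rule"]) for f in findings))


if __name__ == "__main__":
    for (ip, rule), n in sorted(summarize(hunt(SAMPLE_LOG)).items()):
        print(f"{ip:12} {rule:24} {n}")
```

The Steam and Telegram hosts are legitimate destinations on most networks, so the match is on the full profile URL, not the domain; the user-agent rule carries the weight on a Windows fleet because the sample hard-codes a macOS Firefox string that the host's real browser would never send. A macOS host hitting the same profile (10.0.0.40 in the constructed log) still produces the URL finding but not the mismatch, which is the intended behaviour.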

Targets

    • Target

      2025-01-25_51e643008ccf352807beb48afb4d8256_frostygoop_poet-rat_snatch

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks