Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
random.exe
-
Size
899KB
-
Sample
250207-skc32axkap
-
MD5
1e854cc21a0a1e0d4529eafa30f00c46
-
SHA1
7d46238f771042bee22b70555e69fbbecc556737
-
SHA256
435eaccabde5605bb4d9a13ae054c63dd4e5ad61025e0515702e8121cf0a9598
-
SHA512
278a7cee7819d5cc685dd9c075639968798341bac23718b15441d3b9b0d723eb7836e0329c5c5f096f54dcce826e8ea871d033385b72464637391a14b61f33fb
-
SSDEEP
24576:vZzss7nmV+EsC9s50bHp4H2gS1YuzusJGuYco03ddH:BI49EsqDH+cTG2NdH
Malware Config
Extracted
vidar
https://t.me/sok33tn
https://steamcommunity.com/profiles/76561199824159981
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0
Targets
-
-
Target
random.exe
-
Size
899KB
-
MD5
1e854cc21a0a1e0d4529eafa30f00c46
-
SHA1
7d46238f771042bee22b70555e69fbbecc556737
-
SHA256
435eaccabde5605bb4d9a13ae054c63dd4e5ad61025e0515702e8121cf0a9598
-
SHA512
278a7cee7819d5cc685dd9c075639968798341bac23718b15441d3b9b0d723eb7836e0329c5c5f096f54dcce826e8ea871d033385b72464637391a14b61f33fb
-
SSDEEP
24576:vZzss7nmV+EsC9s50bHp4H2gS1YuzusJGuYco03ddH:BI49EsqDH+cTG2NdH
Score10/10-
Detect Vidar Stealer
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Vidar family
-
Uses browser remote debugging
Can be used control the browser and steal sensitive information such as credentials and session cookies.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates processes with tasklist
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Authentication Process
1Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Modify Authentication Process
1Steal Web Session Cookie
1Unsecured Credentials
4Credentials In Files
4