General

  • Target

    50b638e989d84d747c67bb12e1383c03ac4ec2b088c19d907491709443348656

  • Size

    658KB

  • Sample

    210921-s4p7pshhe7

  • MD5

    5db29e87091c6c881f4b172400082a21

  • SHA1

    093768b94033ca5a3a2a4d7ec1527fb38653d78c

  • SHA256

    50b638e989d84d747c67bb12e1383c03ac4ec2b088c19d907491709443348656

  • SHA512

    b087aa2741612f240531c2d93d40610260dff50a81f6d4d10f1a82c1311d8522199b123b3a887f0231b05b74b8df4b195ee59eaf62f52bf0ca7f8f114ad6f1fc

Malware Config

Extracted

Family

vidar

Version

40.9

Botnet

828

C2

https://stacenko668.tumblr.com/

(The extracted C2 value is a social-media profile page. Vidar builds of this era use such profiles as dead-drop resolvers: the sample fetches the page at runtime and parses the actual command-and-control address out of the profile content, so the Tumblr URL is the first hop rather than the exfiltration endpoint. Block and alert on the profile URL, but also watch for the follow-on connection it resolves to.)

Attributes
  • profile_id

    828

Targets

    • Target

      50b638e989d84d747c67bb12e1383c03ac4ec2b088c19d907491709443348656

    • Size

      658KB

    • MD5

      5db29e87091c6c881f4b172400082a21

    • SHA1

      093768b94033ca5a3a2a4d7ec1527fb38653d78c

    • SHA256

      50b638e989d84d747c67bb12e1383c03ac4ec2b088c19d907491709443348656

    • SHA512

      b087aa2741612f240531c2d93d40610260dff50a81f6d4d10f1a82c1311d8522199b123b3a887f0231b05b74b8df4b195ee59eaf62f52bf0ca7f8f114ad6f1fc

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar Stealer

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, session cookies, autofill entries and browsing history.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node equivalent) to enumerate software installed on the system.
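The signature list above (browser profile data, 2FA software files, cryptocurrency wallets, Uninstall-key enumeration) maps to a small set of file and registry accesses that a sandbox or EDR will record. The following is an added triage example, not code from the original report or from the sandbox vendor: it runs those behaviours as rules over a constructed set of process events. The event format, process IDs and file paths are assumptions made for the example; the path fragments are the well-known default locations for the artefacts in question and are not taken from the report.

```python
"""Triage constructed file/registry events against the infostealer behaviours
listed in the report.  Added example; event schema and sample events are
constructed, and the artefact paths are assumed default locations."""
import re
from collections import defaultdict

# category -> (event-op prefix the rule applies to, path regexes)
SIGNATURES = {
    "browser_profile_data": ("FileRead", [
        r"\\google\\chrome\\user data\\.*\\login data$",
        r"\\google\\chrome\\user data\\.*\\cookies$",
        r"\\mozilla\\firefox\\profiles\\.*\\logins\.json$",
        r"\\mozilla\\firefox\\profiles\\.*\\key4\.db$",
    ]),
    "2fa_software_files": ("FileRead", [
        r"\\authy desktop\\local storage\\",
    ]),
    "crypto_wallets": ("FileRead", [
        r"\\bitcoin\\wallet\.dat$",
        r"\\exodus\\exodus\.wallet\\",
        r"\\electrum\\wallets\\",
    ]),
    "installed_software_enum": ("Reg", [
        r"^hklm\\software\\(wow6432node\\)?microsoft\\windows\\currentversion\\uninstall",
    ]),
}

COMPILED = {
    cat: (op_prefix, [re.compile(p, re.IGNORECASE) for p in pats])
    for cat, (op_prefix, pats) in SIGNATURES.items()
}

# Constructed sample events (assumed schema: pid, op, path).  PID 4120 plays
# the stealer; PID 880 is an unrelated process touching a benign file.
SAMPLE_EVENTS = [
    {"pid": 4120, "op": "RegQueryKey",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 4120, "op": "RegQueryKey",
     "path": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 4120, "op": "FileRead",
     "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4120, "op": "FileRead",
     "path": r"C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\abc123.default-release\logins.json"},
    {"pid": 4120, "op": "FileRead",
     "path": r"C:\Users\victim\AppData\Roaming\Authy Desktop\Local Storage\leveldb\000003.log"},
    {"pid": 4120, "op": "FileRead",
     "path": r"C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"pid": 4120, "op": "FileRead",
     "path": r"C:\Users\victim\AppData\Roaming\Bitcoin\wallet.dat"},
    {"pid": 880, "op": "FileRead",
     "path": r"C:\Windows\System32\drivers\etc\hosts"},
]


def classify_event(op, path):
    """Return the signature category a single event matches, or None.
    Registry rules only fire on Reg* ops, file rules only on FileRead."""
    for category, (op_prefix, patterns) in COMPILED.items():
        if not op.startswith(op_prefix):
            continue
        if any(p.search(path) for p in patterns):
            return category
    return None


def triage(events):
    """Group matched paths by process and category: {pid: {category: {paths}}}."""
    hits = defaultdict(lambda: defaultdict(set))
    for ev in events:
        category = classify_event(ev["op"], ev["path"])
        if category is not None:
            hits[ev["pid"]][category].add(ev["path"])
    return hits


def is_stealer_like(category_hits, minimum=2):
    """Verdict heuristic: a single process touching at least `minimum`
    distinct credential/wallet/enumeration categories in one run."""
    return len(category_hits) >= minimum


if __name__ == "__main__":
    for pid, cats in triage(SAMPLE_EVENTS).items():
        print(pid, "stealer-like" if is_stealer_like(cats) else "benign")
        for cat, paths in cats.items():
            print("  ", cat, sorted(paths))
```

The per-process grouping matters: a backup agent may legitimately read `wallet.dat`, and an inventory tool legitimately walks the Uninstall key, but one short-lived process doing both plus reading `Login Data` and a 2FA store is the pattern the report's signatures describe. Tune `minimum` and the path list to the telemetry source actually in use.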

MITRE ATT&CK Matrix ATT&CK v6

  Tactic              Technique                      Count  ID
  Defense Evasion     Install Root Certificate       1      T1130
  Defense Evasion     Modify Registry                1      T1112
  Credential Access   Credentials in Files           3      T1081
  Discovery           Query Registry                 2      T1012
  Discovery           System Information Discovery   2      T1082
  Collection          Data from Local System         3      T1005

Tasks