Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0b46441a4c6316b2bcb9aa309cc155bd01c26ed9d7a9e58ae3db70e0acb2b9d1

  • Size

    658KB

  • Sample

    210921-ttll7saaa3

  • MD5

    858ef0509c4d75e3aaf27d3ec4fdf4e8

  • SHA1

    2a9c3b0027b1dc7304cc164bf34ab80fc9acbd31

  • SHA256

    0b46441a4c6316b2bcb9aa309cc155bd01c26ed9d7a9e58ae3db70e0acb2b9d1

  • SHA512

    d3e4de6dcb4e51cac03b23b19fc06cde33f99a6408988f31f6e10fadd4e841a0648f3002d50bf8465f261a8f2942c8d642bdcf06ef36801434dcfd4974d44170

Score
10/10
vidar828discoveryspywarestealer

Malware Config

Extracted

Family

vidar

Version

40.9

Botnet

828

C2

https://stacenko668.tumblr.com/

Attributes
  • profile_id

    828

Targets

    • Target

      0b46441a4c6316b2bcb9aa309cc155bd01c26ed9d7a9e58ae3db70e0acb2b9d1

    • Size

      658KB

    • MD5

      858ef0509c4d75e3aaf27d3ec4fdf4e8

    • SHA1

      2a9c3b0027b1dc7304cc164bf34ab80fc9acbd31

    • SHA256

      0b46441a4c6316b2bcb9aa309cc155bd01c26ed9d7a9e58ae3db70e0acb2b9d1

    • SHA512

      d3e4de6dcb4e51cac03b23b19fc06cde33f99a6408988f31f6e10fadd4e841a0648f3002d50bf8465f261a8f2942c8d642bdcf06ef36801434dcfd4974d44170

    Score
    10/10
    vidar828discoveryspywarestealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Vidar Stealer

      stealer

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Credentials in Files

3
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

3
T1005

Exfiltration

Command and Control

Impact

Tasks