Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    06c4fbf231c116c64836cce06ae10e62a6af7ea566b1cf789165aaca366d03e5

  • Size

    1.5MB

  • Sample

    210926-qckf2aehd2

  • MD5

    36f245f113c0a267b3a2dd4793edcc96

  • SHA1

    176bf1b48bd9d6d7ac75c4e20a87ed0d2cf69e94

  • SHA256

    06c4fbf231c116c64836cce06ae10e62a6af7ea566b1cf789165aaca366d03e5

  • SHA512

    bc34b8944e7e24a4963ac6d09bdb2d1f5b6ed50a6cc0976a800b0f56b7b04966bb459f7f26b312ac833618ef13d1a90de0df5e4117c6337b43bca11ff1cc3397

Score
10/10
vidarspywarestealer

Malware Config

Targets

    • Target

      06c4fbf231c116c64836cce06ae10e62a6af7ea566b1cf789165aaca366d03e5

    • Size

      1.5MB

    • MD5

      36f245f113c0a267b3a2dd4793edcc96

    • SHA1

      176bf1b48bd9d6d7ac75c4e20a87ed0d2cf69e94

    • SHA256

      06c4fbf231c116c64836cce06ae10e62a6af7ea566b1cf789165aaca366d03e5

    • SHA512

      bc34b8944e7e24a4963ac6d09bdb2d1f5b6ed50a6cc0976a800b0f56b7b04966bb459f7f26b312ac833618ef13d1a90de0df5e4117c6337b43bca11ff1cc3397

    Score
    10/10
    vidarspywarestealer

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Vidar Stealer

      stealer

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks