Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ecb1b7cb33f3e5f032fd95ac06d0e32c360261997a92c64008d03a73c3efd03a

  • Size

    1.5MB

  • Sample

    210926-v2wmtafahp

  • MD5

    7b6fea607e21b6d98ba4cd6105e26680

  • SHA1

    823a2676173a23cfc9fe6e6710d9ff1cce677177

  • SHA256

    ecb1b7cb33f3e5f032fd95ac06d0e32c360261997a92c64008d03a73c3efd03a

  • SHA512

    b19f583661df1ac4f9126a9dd5a7ff2d567d3aa56e36c4029ce6af3044e39d08a19a42aa3dd7c04c20eaa78f8dc346c0912c224d943385d699e5cf03754757e2

Score
10/10
vidarspywarestealer

Malware Config

Targets

    • Target

      ecb1b7cb33f3e5f032fd95ac06d0e32c360261997a92c64008d03a73c3efd03a

    • Size

      1.5MB

    • MD5

      7b6fea607e21b6d98ba4cd6105e26680

    • SHA1

      823a2676173a23cfc9fe6e6710d9ff1cce677177

    • SHA256

      ecb1b7cb33f3e5f032fd95ac06d0e32c360261997a92c64008d03a73c3efd03a

    • SHA512

      b19f583661df1ac4f9126a9dd5a7ff2d567d3aa56e36c4029ce6af3044e39d08a19a42aa3dd7c04c20eaa78f8dc346c0912c224d943385d699e5cf03754757e2

    Score
    10/10
    vidarspywarestealer

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Vidar Stealer

      stealer

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks