General

  • Target

    4aeb1a64c3f997a43a5ba1bb2f3e241773ff2314f37eb7aa51a5478365877b47

  • Size

    1.5MB

  • Sample

    210926-vcdeyafafj

  • MD5

    a9e0ad616c0ef883a681eb76418324b5

  • SHA1

    abe8542c74e680342b5286988a8c9eea6bdd7998

  • SHA256

    4aeb1a64c3f997a43a5ba1bb2f3e241773ff2314f37eb7aa51a5478365877b47

  • SHA512

    2606e46c9d9d35ea87f9a86f8e1da48abfaf2208d060e9e280a5c92f3f6db8e0ebd5831f3e73f0662ca7829a1c716504fab601cba93bdae1e5586082b80466e1

Score
10/10

Malware Config

Targets

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar Stealer

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Accesses 2FA software files, possible credential harvesting

MITRE ATT&CK Enterprise v6