Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    66c341d48735f5dd986e00e276d8daf790a2a0686a9626235ebebf29fe7ecd73

  • Size

    1.5MB

  • Sample

    210926-vhmwkafbe4

  • MD5

    104695f03a174386a2e494387c47ded6

  • SHA1

    e17ebbe8425bcebec2d283062b2327db6909b3ad

  • SHA256

    66c341d48735f5dd986e00e276d8daf790a2a0686a9626235ebebf29fe7ecd73

  • SHA512

    287fcf67760a5c7c67b18f6605e0dddbd9b719324aa5403029841f2a3049c58a0a5ea66a5d6eba356eeaeb6cc455710734a9630708b4eab13cc316a2f1be937b

Score
10/10
vidarspywarestealer

Malware Config

Targets

    • Target

      66c341d48735f5dd986e00e276d8daf790a2a0686a9626235ebebf29fe7ecd73

    • Size

      1.5MB

    • MD5

      104695f03a174386a2e494387c47ded6

    • SHA1

      e17ebbe8425bcebec2d283062b2327db6909b3ad

    • SHA256

      66c341d48735f5dd986e00e276d8daf790a2a0686a9626235ebebf29fe7ecd73

    • SHA512

      287fcf67760a5c7c67b18f6605e0dddbd9b719324aa5403029841f2a3049c58a0a5ea66a5d6eba356eeaeb6cc455710734a9630708b4eab13cc316a2f1be937b

    Score
    10/10
    vidarspywarestealer

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Vidar Stealer

      stealer

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks