Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a31450a0b45acf8004fe7f980f2ca4a47720653416d0810ef041732a42124776

  • Size

    1.5MB

  • Sample

    210927-apb3esfdbp

  • MD5

    0875ae6ce1e2894bcca8482e514605e0

  • SHA1

    3a6e52d76b42699f6c2c468c68f58f7c81adc5d2

  • SHA256

    a31450a0b45acf8004fe7f980f2ca4a47720653416d0810ef041732a42124776

  • SHA512

    d8135b1b03cf0cda374a6173cf760bc9476fcc36cba893b588190a1d1dbf85819a822d5f57309b0af1c89d5fb8990f3d650dc50b21cdc3570a4a5449cf152f76

Score
10/10
vidarspywarestealer

Malware Config

Targets

    • Target

      a31450a0b45acf8004fe7f980f2ca4a47720653416d0810ef041732a42124776

    • Size

      1.5MB

    • MD5

      0875ae6ce1e2894bcca8482e514605e0

    • SHA1

      3a6e52d76b42699f6c2c468c68f58f7c81adc5d2

    • SHA256

      a31450a0b45acf8004fe7f980f2ca4a47720653416d0810ef041732a42124776

    • SHA512

      d8135b1b03cf0cda374a6173cf760bc9476fcc36cba893b588190a1d1dbf85819a822d5f57309b0af1c89d5fb8990f3d650dc50b21cdc3570a4a5449cf152f76

    Score
    10/10
    vidarspywarestealer

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Vidar Stealer

      stealer

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks