General

  • Target

    24579fec54ad6803c0e21f257ac1860898a74cd92d23484a562f1ca2212a1277

  • Size

    1.5MB

  • Sample

    210927-b494fafec4

  • MD5

    483cd36b07c2d778f9370a35d53e3546

  • SHA1

    96a2f5ceaf1b121b72cc473f0f79c501f9eed2db

  • SHA256

    24579fec54ad6803c0e21f257ac1860898a74cd92d23484a562f1ca2212a1277

  • SHA512

    63be02d49a2902b09873ccd804515d6e5204320cc4e70bd94586848ed97b2a3e4d7462d35865a0b7ee132cf61790c21d7cde5c693b185b7c66060132fede8f26

Score
10/10

Malware Config

Targets

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar Stealer

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses 2FA software files, possible credential harvesting

MITRE ATT&CK Enterprise v6

Tasks