Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3458ffc1e52fb292176754dcf8d5db11d61d05bbc7d605d07d3ec39a0e2f739f

  • Size

    634KB

  • Sample

    211012-gdf1kabde7

  • MD5

    ad2939adf3c8dcf5ad3e34c06be43760

  • SHA1

    9c59d9ea216d2c4389112cdcf542c7aaf3fe2c8d

  • SHA256

    3458ffc1e52fb292176754dcf8d5db11d61d05bbc7d605d07d3ec39a0e2f739f

  • SHA512

    d16c4783774f4073f93b1076ef562f82001da283135bf84561b47bbf9e7422d8f5e6a52458b3eef6eaa440c4dd3f93a6c59eade1cb35c1e8abd25bf64ac8d1e9

Score
10/10
vidar1008discoveryspywarestealer

Malware Config

Extracted

Family

vidar

Version

41.3

Botnet

1008

C2

https://mas.to/@oleg98

Attributes
  • profile_id

    1008

Targets

    • Target

      3458ffc1e52fb292176754dcf8d5db11d61d05bbc7d605d07d3ec39a0e2f739f

    • Size

      634KB

    • MD5

      ad2939adf3c8dcf5ad3e34c06be43760

    • SHA1

      9c59d9ea216d2c4389112cdcf542c7aaf3fe2c8d

    • SHA256

      3458ffc1e52fb292176754dcf8d5db11d61d05bbc7d605d07d3ec39a0e2f739f

    • SHA512

      d16c4783774f4073f93b1076ef562f82001da283135bf84561b47bbf9e7422d8f5e6a52458b3eef6eaa440c4dd3f93a6c59eade1cb35c1e8abd25bf64ac8d1e9

    Score
    10/10
    vidar1008discoveryspywarestealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Vidar Stealer

      stealer

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

3
T1005

Exfiltration

Command and Control

Impact

Tasks