Description
Ransomware which is a variant of the STOP family.
Size | 826KB
Analysis ID | 211020-am5lyshddk
MD5 | ca802a3962404b53ea83d9c5bf837726
SHA1 | 5f580edcf8f5e6f1ef58cb36d41b4155141bce82
SHA256 | ae32c946908ef4757fbe5435f9b8dc2f07c490c94846d4019f821b7908fe7053
SHA512 | ef41bc50b5278cc2185391aeebbb34bcb67968d7615bafaa6804d3ed60c6e095649615566f6087908b5dc00d788c490504f4ab9483ac72eb23f84ee287538776
Family | vidar
Version | 41.5
Botnet | 517
C2 | https://mas.to/@xeroxxx
Attributes | profile_id 517

Family | djvu
C2 | http://rlrz.org/fhsgtsspen6
Vidar is an infostealer based on Arkei stealer.
suricata: ET MALWARE Potential Dridex.Maldoc Minimal Executable Request
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
Infostealers often target stored browser data, which can include saved credentials and similar sensitive material.
Looks up Uninstall key entries in the registry to enumerate software on the system.
Uses a legitimate IP lookup service to find the infected system's external IP.