Description
Ransomware which is a variant of the STOP family.
Filename | b2a7ab12fd91fab7767d41fa9cf06369.exe |
Size | 808KB |
Analysis ID | 211020-g4xe8shfcl |
MD5 | b2a7ab12fd91fab7767d41fa9cf06369 |
SHA1 | 0af43e5510d68f712dc2e05bdab07a86cbdac895 |
SHA256 | 4b3e6a191ab050a87aeeb8a650290c4e217e9508971beeb929417d13d89292e2 |
SHA512 | e601c95ffadb3035ad231246ba60bf2ff71d0cc21fa02903e04a28e476b748a2d7ba8b3eaa029352e94b07fe163b9e5a0801861b556622d6dd0c98ec85e183ae |
Family | vidar |
Version | 41.5 |
Botnet | 517 |
C2 | https://mas.to/@xeroxxx |
Attributes | profile_id 517 |

Family | djvu |
C2 | http://rlrz.org/lancer |
Vidar is an infostealer based on Arkei stealer.
suricata: ET MALWARE Potential Dridex.Maldoc Minimal Executable Request
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
Looks up Uninstall key entries in the registry to enumerate software on the system.
Uses a legitimate IP lookup service to find the infected system's external IP.