Description
Ransomware which is a variant of the STOP family.
SHA256 | 34bd96b36aa928eba8c112c3ae85924b58e446296a144965310147477bb4cc03 |
Size | 851KB |
Analysis ID | 211020-qtft6saack |
MD5 | 80ca42f1f48e4869f5eb96ea43213ec3 |
SHA1 | 6a3b3384dfd30fc29a7fe14b7d5b2383861f21e7 |
SHA512 | 023176b9a07d08a07cdefa857c1f5ac3e5b72d5cadae264dc7964a5431e6c7c6c96dd2224f24d7d3fc9e4c11d1cf6c01f75aa57d817208129e3fa001b78b8072 |
Family | vidar |
Version | 41.5 |
Botnet | 517 |
C2 | https://mas.to/@xeroxxx |
Attributes | profile_id 517 |
Family | djvu |
C2 | http://rlrz.org/fhsgtsspen6 |
Vidar is an infostealer based on Arkei stealer.
suricata: ET MALWARE Potential Dridex.Maldoc Minimal Executable Request
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
Looks up Uninstall key entries in the registry to enumerate software on the system.
Uses a legitimate IP lookup service to find the infected system's external IP.