Description
Ransomware which is a variant of the STOP family.
SHA256: ea93fadad8270e4f65d6af51e5309ab88ce19cb512bb5c5382eb6df296efdf5d
Size: 856KB
211020-v88wqahdd8
MD5: 2cd4ac158f69f05084042efbc62484f7
SHA1: 90a281db9cbb6321e9799fa94ae99d765619f907
SHA256: ea93fadad8270e4f65d6af51e5309ab88ce19cb512bb5c5382eb6df296efdf5d
SHA512: 0308b5a41a99bd5fb79ee07188c0fb877030a3398061116bbeaa31f0e85ad632daea6af2903c56099f6a16da51672327afb8bde074b02eb6ee83520d17138e71
| Family | vidar |
| --- | --- |
| Version | 41.5 |
| Botnet | 517 |
| C2 | https://mas.to/@xeroxxx |
| Attributes | profile_id 517 |

| Family | djvu |
| --- | --- |
| C2 | http://rlrz.org/fhsgtsspen6 |
Vidar is an infostealer based on Arkei stealer.
Infostealers often target stored browser data, which can include saved credentials and other sensitive data.
Looks up Uninstall key entries in the registry to enumerate software on the system.
Uses a legitimate IP lookup service to find the infected system's external IP.