Description
Ransomware which is a variant of the STOP family.
SHA256: 590c910d4fa0efd681b71988cee0865b307ea23b3e6c654d82d6368c70495f0b
Size: 781KB
Analysis ID: 211021-gdzsnsagbm
MD5: dade951144ab6abc932c2bdc96bdef6f
SHA1: 1e1cf9c6390b27de327d773f85d6473bb1d837f1
SHA512: 8442a919ad29ad0a1eeab30a0ee7015d6c836602fb38244db8b803a4376691676209baf194f2feb01408c81e4eee9a6ce4957440d4a86f45100ff8d1d0db3444
Family | vidar |
Version | 41.5 |
Botnet | 517 |
C2 | https://mas.to/@xeroxxx |
Attributes | profile_id 517 |

Family | djvu |
C2 | http://rlrz.org/fhsgtsspen6 |
Vidar is an infostealer based on Arkei stealer.
suricata: ET MALWARE Potential Dridex.Maldoc Minimal Executable Request
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
Looks up Uninstall key entries in the registry to enumerate software on the system.
Uses a legitimate IP lookup service to find the infected system's external IP.