General

  • Target

    5c3301e1b4ec121f2562648796ef7d13408053849d9680d10f1d194e9ab894b5

  • Size

    2.2MB

  • Sample

    211117-kyxqlaegfn

  • MD5

    a3919cf297b18238230bc02e6e086cc5

  • SHA1

    3b655b7ca6be24f7475baa74265ae9f493fbca86

  • SHA256

    5c3301e1b4ec121f2562648796ef7d13408053849d9680d10f1d194e9ab894b5

  • SHA512

    4b49a783bcf5ec9f855ecb9e62f7bc2b86f71ab55f4c8bfce56c8f2083bf70376fc589ad29bddddfa723d66350af6a5d7a019359e046f68570a3e4648a8f8e77

Malware Config

Extracted

Family

vidar

Version

48.6

Botnet

869

C2

https://mastodon.online/@valhalla

https://koyu.space/@valhalla

Attributes
  • profile_id

    869

Targets

    • Target

      5c3301e1b4ec121f2562648796ef7d13408053849d9680d10f1d194e9ab894b5

    • Size

      2.2MB

    • MD5

      a3919cf297b18238230bc02e6e086cc5

    • SHA1

      3b655b7ca6be24f7475baa74265ae9f493fbca86

    • SHA256

      5c3301e1b4ec121f2562648796ef7d13408053849d9680d10f1d194e9ab894b5

    • SHA512

      4b49a783bcf5ec9f855ecb9e62f7bc2b86f71ab55f4c8bfce56c8f2083bf70376fc589ad29bddddfa723d66350af6a5d7a019359e046f68570a3e4648a8f8e77

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)

    • suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload

    • Vidar Stealer

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies and session tokens, autofill entries and browsing history.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node counterpart and the HKCU equivalent) to enumerate the software installed on the system.
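The two Suricata alerts above fire on the stealer's exfiltration POST, which ships its loot as a zip archive whose member names are predictable (Passwords.txt among them). The following Python is an added example written for this page; it is not part of the sandbox report and not the ET rule itself. It reconstructs that check over a constructed HTTP body by walking zip local file headers and comparing member names against a watch list. The watch list, the multipart layout and the host name are assumptions for illustration.

```python
"""Added example: flag outbound HTTP bodies that carry a zip archive whose
member names look like stealer loot (e.g. Passwords.txt), the condition behind
the "Suspicious Zipped Filename in Outbound POST Request" alert.
Walks zip local file headers directly, so it also works on truncated captures
that have no central directory. Not the ET rule; the watch list is assumed."""
import io
import struct
import zipfile

# Assumed watch list: member names seen in stealer exfil archives (illustrative).
SUSPICIOUS_MEMBER_NAMES = {"passwords.txt", "information.txt", "cookies.txt"}

LOCAL_FILE_HEADER = b"PK\x03\x04"  # signature of a zip local file header


def zip_member_names(data: bytes) -> list:
    """Return member names of every zip local file header found in *data*.

    Layout of a local file header (30 fixed bytes):
      offset 18: compressed size (u32)   offset 22: uncompressed size (u32)
      offset 26: file name length (u16)  offset 28: extra field length (u16)
    The file name follows the fixed part, then the extra field, then the data.
    """
    names = []
    pos = data.find(LOCAL_FILE_HEADER)
    while pos != -1 and pos + 30 <= len(data):
        comp_size, _uncomp, name_len, extra_len = struct.unpack_from(
            "<IIHH", data, pos + 18)
        name = data[pos + 30:pos + 30 + name_len].decode("utf-8", errors="replace")
        names.append(name)
        # Skip past the member data when the size is known; if the writer used a
        # data descriptor (size 0 here), fall back to searching from the header end.
        next_pos = pos + 30 + name_len + extra_len + comp_size
        pos = data.find(LOCAL_FILE_HEADER, next_pos)
    return names


def suspicious_zip_members(http_body: bytes) -> list:
    """Member names in any embedded zip whose base name is on the watch list."""
    hits = []
    for name in zip_member_names(http_body):
        base = name.rsplit("/", 1)[-1].lower()
        if base in SUSPICIOUS_MEMBER_NAMES:
            hits.append(name)
    return hits


def build_sample_post(members: dict) -> bytes:
    """Constructed test input: a multipart/form-data POST body carrying a zip.

    The host, boundary and field names are made up for the example."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    boundary = b"----ExampleBoundary"
    parts = [
        b"POST /upload HTTP/1.1\r\n",
        b"Host: example.invalid\r\n",
        b"Content-Type: multipart/form-data; boundary=" + boundary + b"\r\n\r\n",
        b"--" + boundary + b"\r\n",
        b'Content-Disposition: form-data; name="file"; filename="loot.zip"\r\n',
        b"Content-Type: application/octet-stream\r\n\r\n",
        buf.getvalue(),
        b"\r\n--" + boundary + b"--\r\n",
    ]
    return b"".join(parts)


if __name__ == "__main__":
    body = build_sample_post({
        "Passwords.txt": b"site|user|pass\n",
        "Information.txt": b"OS: Windows 10\n",
        "Cookies/Chrome_Default.txt": b"",
    })
    print(suspicious_zip_members(body))
```

The header walk deliberately ignores the central directory: a stealer upload that was cut off mid-transfer still exposes the member names of everything before the cut, which is exactly the part of the stream a network sensor sees first.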

MITRE ATT&CK Enterprise v6

Tasks