Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    147s
  • max time network
    159s
  • platform
    windows10_x64
  • resource
    win10-20220310-en
  • submitted
    21-03-2022 15:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aebfbaf72b832cf446789cedf82459f71587f48b2d44998d64215fafaf4b5fb6.exe

  • Size

    1.9MB

  • MD5

    d790fed581ba982731fc4257763d93b2

  • SHA1

    f91dbf1e6e81b266a1cfa1fe307fcd3b9d491b27

  • SHA256

    aebfbaf72b832cf446789cedf82459f71587f48b2d44998d64215fafaf4b5fb6

  • SHA512

    a207b39908c480c25c7d33b56ed6b6f6a3c16ff5624d12537bac6972a847ae7cb82736b5d52dcae25e36494e6144309101e177fde5a2c42bc23ae59dd4c150b1

Score
10/10
vidar909stealer

Malware Config

Extracted

Family

vidar

Version

50.8

Botnet

909

C2

https://ieji.de/@sam7al

https://ru.social/@s4m74l
Attributes
  • profile_id

    909

Signatures

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Vidar Stealer 3 IoCs
    stealer
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aebfbaf72b832cf446789cedf82459f71587f48b2d44998d64215fafaf4b5fb6.exe
    "C:\Users\Admin\AppData\Local\Temp\aebfbaf72b832cf446789cedf82459f71587f48b2d44998d64215fafaf4b5fb6.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1928
    • C:\Windows\SysWOW64\mcbuilder.exe
      "C:\Windows\SysWOW64\mcbuilder.exe"
      2⤵
        PID:812
      • C:\Windows\SysWOW64\lodctr.exe
        "C:\Windows\SysWOW64\lodctr.exe"
        2⤵
          PID:744
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 744 -s 476
            3⤵
            • Program crash
            PID:2008

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/744-129-0x0000000000400000-0x00000000004B1000-memory.dmp
        Filesize

        708KB

        Download
      • memory/744-133-0x0000000000400000-0x00000000004B1000-memory.dmp
        Filesize

        708KB

        Download
      • memory/744-132-0x0000000000400000-0x00000000004B1000-memory.dmp
        Filesize

        708KB

        Download
      • memory/1928-124-0x0000000005120000-0x000000000512A000-memory.dmp
        Filesize

        40KB

        Download
      • memory/1928-122-0x0000000005290000-0x0000000005322000-memory.dmp
        Filesize

        584KB

        Download
      • memory/1928-123-0x00000000051F0000-0x00000000056EE000-memory.dmp
        Filesize

        5.0MB

        Download
      • memory/1928-118-0x0000000073D80000-0x000000007446E000-memory.dmp
        Filesize

        6.9MB

        Download
      • memory/1928-125-0x0000000005330000-0x0000000005386000-memory.dmp
        Filesize

        344KB

        Download
      • memory/1928-126-0x00000000051F0000-0x00000000056EE000-memory.dmp
        Filesize

        5.0MB

        Download
      • memory/1928-127-0x0000000008810000-0x000000000890E000-memory.dmp
        Filesize

        1016KB

        Download
      • memory/1928-128-0x00000000056C0000-0x00000000056D4000-memory.dmp
        Filesize

        80KB

        Download
      • memory/1928-121-0x00000000056F0000-0x0000000005BEE000-memory.dmp
        Filesize

        5.0MB

        Download
      • memory/1928-120-0x0000000005150000-0x00000000051EC000-memory.dmp
        Filesize

        624KB

        Download
      • memory/1928-119-0x00000000005F0000-0x00000000007DE000-memory.dmp
        Filesize

        1.9MB

        Download
      • memory/1928-134-0x00000000706B0000-0x00000000706BD000-memory.dmp
        Filesize

        52KB

        Download