Extracted

• • Target

    377905232b3368e37412883e9103b01b63c4845977c02a3c99f14be2f85d92c1

  • Size

    797KB

  • MD5

    3a4f43491ddd022ab7e01519a5ed8943

  • SHA1

    0166b01cb32ca9f0e3d3fa4f219c3b311cf95866

  • SHA256

    377905232b3368e37412883e9103b01b63c4845977c02a3c99f14be2f85d92c1

  • SHA512

    55348b4108dfe6fdde451180f229338b9f71bea665db74be71b28332992082741d6cd3a8886114b70ba16cef1a8c9f98a2d2af888cdfa7fce784da8f06194b8b

  Score

  10^/10

  djvuvidar517discoverypersistenceransomwarestealersuricata

  • Djvu Ransomware

    Ransomware which is a variant of the STOP family.

    ransomwaredjvu

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • suricata: ET MALWARE Potential Dridex.Maldoc Minimal Executable Request

    suricata: ET MALWARE Potential Dridex.Maldoc Minimal Executable Request

    suricata

  • suricata: ET MALWARE Win32/Filecoder.STOP Variant Public Key Download

    suricata: ET MALWARE Win32/Filecoder.STOP Variant Public Key Download

    suricata

  • suricata: ET MALWARE Win32/Filecoder.STOP Variant Request for Public Key

    suricata: ET MALWARE Win32/Filecoder.STOP Variant Request for Public Key

    suricata

  • suricata: ET MALWARE Win32/Vodkagats Loader Requesting Payload

    suricata: ET MALWARE Win32/Vodkagats Loader Requesting Payload

    suricata

  • Vidar Stealer

    stealer

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Modifies file permissions

    discovery

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1