Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6706a58566975b9cbee564ccd83c293b681e7285d3e27089230e9e4441be4125

  • Size

    11.4MB

  • Sample

    220924-1xgkzscbd6

  • MD5

    955ae05e966a84b8d258b9ec41a68b12

  • SHA1

    bcf7e805d033e2df0534f3bd90c81c788050f780

  • SHA256

    6706a58566975b9cbee564ccd83c293b681e7285d3e27089230e9e4441be4125

  • SHA512

    929d64d22304f4f8b68861ee0aae6f2c8fd09a3ccf10764fef0a414b5c75c0f1fd9b8a1fc74dffbac340843283926d12d7c14bdf31e577fe7e65eee56b36de9e

  • SSDEEP

    196608:i4QSbg8A/X2taX96wsnGnY4cvaixkMZoi0hOXXrpGNDKr8:iUh8i8

Score
10/10
vidar1680discoveryspywarestealer

Malware Config

Extracted

Family

vidar

Version

54.6

Botnet

1680

C2

https://t.me/huobiinside

https://mas.to/@kyriazhs1975
Attributes
  • profile_id

    1680

Targets

    • Target

      6706a58566975b9cbee564ccd83c293b681e7285d3e27089230e9e4441be4125

    • Size

      11.4MB

    • MD5

      955ae05e966a84b8d258b9ec41a68b12

    • SHA1

      bcf7e805d033e2df0534f3bd90c81c788050f780

    • SHA256

      6706a58566975b9cbee564ccd83c293b681e7285d3e27089230e9e4441be4125

    • SHA512

      929d64d22304f4f8b68861ee0aae6f2c8fd09a3ccf10764fef0a414b5c75c0f1fd9b8a1fc74dffbac340843283926d12d7c14bdf31e577fe7e65eee56b36de9e

    • SSDEEP

      196608:i4QSbg8A/X2taX96wsnGnY4cvaixkMZoi0hOXXrpGNDKr8:iUh8i8

    Score
    10/10
    vidar1680discoveryspywarestealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

3
T1005

Exfiltration

Command and Control

Impact

Tasks