Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    787cd448a7ff9e11c343b70edaff28efb05b0d97d6311bf599a9eda2eb2d65be

  • Size

    554KB

  • Sample

    221202-snretshh79

  • MD5

    195df35a367c83f331b4928fc3bb4d84

  • SHA1

    e6ae230793c8f60ac2eafa3e4e754861766aba5b

  • SHA256

    787cd448a7ff9e11c343b70edaff28efb05b0d97d6311bf599a9eda2eb2d65be

  • SHA512

    253c8f2bfd8522ea827cd927c75a29b0bb5472b261e2f06f589cbc68105067c06f5774b66adcc0b6cb7ad84d044d9f356685d204d3ba3c740be3f307d2619d7b

  • SSDEEP

    12288:ATT7mskHDxoZDanzicg3gpQhjZ6Ecgl4ZDx9y6JKw7T9+TzhoUlR:AQHDxOKzg3gihjMgIyhw7Ejr

Score
10/10
vidar1881spywarestealer

Malware Config

Extracted

Family

vidar

Version

56

Botnet

1881

C2

https://t.me/asifrazatg

https://steamcommunity.com/profiles/76561199439929669
Attributes
  • profile_id

    1881

Targets

    • Target

      787cd448a7ff9e11c343b70edaff28efb05b0d97d6311bf599a9eda2eb2d65be

    • Size

      554KB

    • MD5

      195df35a367c83f331b4928fc3bb4d84

    • SHA1

      e6ae230793c8f60ac2eafa3e4e754861766aba5b

    • SHA256

      787cd448a7ff9e11c343b70edaff28efb05b0d97d6311bf599a9eda2eb2d65be

    • SHA512

      253c8f2bfd8522ea827cd927c75a29b0bb5472b261e2f06f589cbc68105067c06f5774b66adcc0b6cb7ad84d044d9f356685d204d3ba3c740be3f307d2619d7b

    • SSDEEP

      12288:ATT7mskHDxoZDanzicg3gpQhjZ6Ecgl4ZDx9y6JKw7T9+TzhoUlR:AQHDxOKzg3gihjMgIyhw7Ejr

    Score
    10/10
    vidar1881spywarestealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks