Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4d60a233f1f311af46a17f2ab375b5df78388d878108f0c9ef59fefe531f4829

  • Size

    556KB

  • Sample

    221203-g19amabe58

  • MD5

    ac3ccd4f557380932a3007718a59ca96

  • SHA1

    7ef9bf9517e93e4dbca945855806fe5c7612fd5f

  • SHA256

    4d60a233f1f311af46a17f2ab375b5df78388d878108f0c9ef59fefe531f4829

  • SHA512

    3154849abfd4b6622659aa3763948bb7fbc952bae540451f428513a0259b649886bc0dc65c1281cd33af34797339231d9ff5ef160a3d9e1d189c2bba6c265dcd

  • SSDEEP

    12288:f9bBcNAHX3WTYGa5fWSBjbS4Vdz0n34yAD+4rua9fUjIdrWikNof:bcm3BNdBje4zz0noy+rua9fUj8W0

Score
10/10
vidar1881spywarestealer

Malware Config

Extracted

Family

vidar

Version

56

Botnet

1881

C2

https://t.me/asifrazatg

https://steamcommunity.com/profiles/76561199439929669
Attributes
  • profile_id

    1881

Targets

    • Target

      4d60a233f1f311af46a17f2ab375b5df78388d878108f0c9ef59fefe531f4829

    • Size

      556KB

    • MD5

      ac3ccd4f557380932a3007718a59ca96

    • SHA1

      7ef9bf9517e93e4dbca945855806fe5c7612fd5f

    • SHA256

      4d60a233f1f311af46a17f2ab375b5df78388d878108f0c9ef59fefe531f4829

    • SHA512

      3154849abfd4b6622659aa3763948bb7fbc952bae540451f428513a0259b649886bc0dc65c1281cd33af34797339231d9ff5ef160a3d9e1d189c2bba6c265dcd

    • SSDEEP

      12288:f9bBcNAHX3WTYGa5fWSBjbS4Vdz0n34yAD+4rua9fUjIdrWikNof:bcm3BNdBje4zz0noy+rua9fUj8W0

    Score
    10/10
    vidar1881spywarestealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks