Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2d3619f533adf751bce2326606b48923f5082c84f127914c88528a9109d2a7fa

  • Size

    2.8MB

  • Sample

    221206-t8pbmsee59

  • MD5

    0fd3c8d453f4ced35d4fa84cf66ae24d

  • SHA1

    a43c32a6cb243f75ea5e25c1c317b4a871a01ca2

  • SHA256

    2d3619f533adf751bce2326606b48923f5082c84f127914c88528a9109d2a7fa

  • SHA512

    ab5005e73b10b4e8339d8abac34a68946b2bca0b671142714c1b7257b9d1278e0b8b856d9f1fce2715fa109689e5dbd9ae15e10b3b5851f95cc5dd0e32bfd83c

  • SSDEEP

    49152:NSrBlNy3p51NtZGJAmXSQzxKM9u7Vc6YvZmkj9LTrXysL:NSrBlNy3DtZGJAmXSQzxK6uBc6YvZmk5

Score
10/10
vidar1148discoveryspywarestealer

Malware Config

Extracted

Family

vidar

Version

56.1

Botnet

1148

C2

https://t.me/dishasta

https://steamcommunity.com/profiles/76561199441933804
Attributes
  • profile_id

    1148

Targets

    • Target

      2d3619f533adf751bce2326606b48923f5082c84f127914c88528a9109d2a7fa

    • Size

      2.8MB

    • MD5

      0fd3c8d453f4ced35d4fa84cf66ae24d

    • SHA1

      a43c32a6cb243f75ea5e25c1c317b4a871a01ca2

    • SHA256

      2d3619f533adf751bce2326606b48923f5082c84f127914c88528a9109d2a7fa

    • SHA512

      ab5005e73b10b4e8339d8abac34a68946b2bca0b671142714c1b7257b9d1278e0b8b856d9f1fce2715fa109689e5dbd9ae15e10b3b5851f95cc5dd0e32bfd83c

    • SSDEEP

      49152:NSrBlNy3p51NtZGJAmXSQzxKM9u7Vc6YvZmkj9LTrXysL:NSrBlNy3DtZGJAmXSQzxK6uBc6YvZmk5

    Score
    10/10
    vidar1148discoveryspywarestealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Credentials in Files

3
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

3
T1005

Exfiltration

Command and Control

Impact

Tasks