Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    740912c948f5c370a23fa34da6fca7ffa1abc420edefcbe3c7a74170c9f47e8c

  • Size

    407KB

  • Sample

    221229-t6g5jsgg4y

  • MD5

    3b6782cde711c6e73e09611c5041060e

  • SHA1

    412d9f6e64ebee4287eccff782f04943e5381d4f

  • SHA256

    740912c948f5c370a23fa34da6fca7ffa1abc420edefcbe3c7a74170c9f47e8c

  • SHA512

    d7883a046d9b153094f9f3e5970b78a9084de8472d219a325006a7652cdf5427641a0c10beef4aceaa4ad9d92ea1a2ccf8104588e51760200e7e85be37524c4e

  • SSDEEP

    6144:ZLy8zb4fAgGKnhd7CA6TzHFdKFAf2iwLR2TP0dainGyIxZ1WqqdS09h:Z+d494r7TabQEORMPMRnGdYX

Score
10/10
vidar19discoveryspywarestealer

Malware Config

Extracted

Family

vidar

Version

1.7

Botnet

19

C2

https://t.me/robloxblackl

https://steamcommunity.com/profiles/76561199458928097
Attributes
  • profile_id

    19

Targets

    • Target

      740912c948f5c370a23fa34da6fca7ffa1abc420edefcbe3c7a74170c9f47e8c

    • Size

      407KB

    • MD5

      3b6782cde711c6e73e09611c5041060e

    • SHA1

      412d9f6e64ebee4287eccff782f04943e5381d4f

    • SHA256

      740912c948f5c370a23fa34da6fca7ffa1abc420edefcbe3c7a74170c9f47e8c

    • SHA512

      d7883a046d9b153094f9f3e5970b78a9084de8472d219a325006a7652cdf5427641a0c10beef4aceaa4ad9d92ea1a2ccf8104588e51760200e7e85be37524c4e

    • SSDEEP

      6144:ZLy8zb4fAgGKnhd7CA6TzHFdKFAf2iwLR2TP0dainGyIxZ1WqqdS09h:Z+d494r7TabQEORMPMRnGdYX

    Score
    10/10
    vidar19discoveryspywarestealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

3
T1005

Exfiltration

Command and Control

Impact

Tasks