Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4340006b139b6726e42842e783567eadcf281987106c24dd274b5719974b35c6

  • Size

    194KB

  • Sample

    230124-l14glaae46

  • MD5

    9c54d3a68e9a793f826b3ad179f37caf

  • SHA1

    1a48feaeefbd04b0da4cc48c7f469b3003974cda

  • SHA256

    4340006b139b6726e42842e783567eadcf281987106c24dd274b5719974b35c6

  • SHA512

    c639bdc251cf0a8437f850d17bba56e7feddc0161fa674368a72a78e23196ab6b44df1f7278768f2ce697c298305f8ac9eb48a8af9901655b871c376bdcb2158

  • SSDEEP

    3072:nBN0XKbDU8LE7+3m85HD6/IEsplgS07CZKwq4+fY+00Wnxa:BiuLE7Im0TEYuS0+G90b

Score
10/10
vidar237discoveryevasionspywarestealertrojanupx

Malware Config

Extracted

Family

vidar

Version

2.2

Botnet

237

C2

https://t.me/litlebey

https://steamcommunity.com/profiles/76561199472399815
Attributes
  • profile_id

    237

Targets

    • Target

      4340006b139b6726e42842e783567eadcf281987106c24dd274b5719974b35c6

    • Size

      194KB

    • MD5

      9c54d3a68e9a793f826b3ad179f37caf

    • SHA1

      1a48feaeefbd04b0da4cc48c7f469b3003974cda

    • SHA256

      4340006b139b6726e42842e783567eadcf281987106c24dd274b5719974b35c6

    • SHA512

      c639bdc251cf0a8437f850d17bba56e7feddc0161fa674368a72a78e23196ab6b44df1f7278768f2ce697c298305f8ac9eb48a8af9901655b871c376bdcb2158

    • SSDEEP

      3072:nBN0XKbDU8LE7+3m85HD6/IEsplgS07CZKwq4+fY+00Wnxa:BiuLE7Im0TEYuS0+G90b

    Score
    10/10
    vidar237discoveryevasionspywarestealertrojanupx

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops desktop.ini file(s)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Credentials in Files

3
T1081

Discovery

Query Registry

5
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

5
T1082

Peripheral Device Discovery

1
T1120

Remote System Discovery

1
T1018

Lateral Movement

Collection

Data from Local System

3
T1005

Exfiltration

Command and Control

Impact

Tasks