Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c90193af8ffe050ad79402dfceb9274be08b300bc02ecb1e6394917ee50934e4

  • Size

    988KB

  • Sample

    230414-ssbj6sbh8z

  • MD5

    66d5db3da9af5b8e8fc8ab5dec6ac73b

  • SHA1

    3128c0cec2ccdcd8d17bba1f6b50a8d7cac49d26

  • SHA256

    c90193af8ffe050ad79402dfceb9274be08b300bc02ecb1e6394917ee50934e4

  • SHA512

    697cc93cd378d13097f46a3a73b51c61d62f421996ce538b4ad7e3663808200d1d2fb36a181fbbc51ef65bcaaff190a8d90b0a28980e75191ca2d0126d2eeb65

  • SSDEEP

    12288:MyAdYwUGsU7a7FP7Gp1tAe5fhBbYj3vY7IEDjoSgfNQGDyAcdYGybmIAl1zODhBc:Mp6707ahGXBfcjwEsIejHuG/joD

Score
10/10
modiloadervidarbe67f2b288274aabb4498979305ac4e1discoveryspywarestealertrojan

Malware Config

Extracted

Family

vidar

Version

3.4

Botnet

be67f2b288274aabb4498979305ac4e1

C2

https://steamcommunity.com/profiles/76561199494593681

https://t.me/auftriebs
Attributes
  • profile_id_v2

    be67f2b288274aabb4498979305ac4e1

  • user_agent

    Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:105.0) Gecko/20100101 Firefox/105.0

Targets

    • Target

      c90193af8ffe050ad79402dfceb9274be08b300bc02ecb1e6394917ee50934e4

    • Size

      988KB

    • MD5

      66d5db3da9af5b8e8fc8ab5dec6ac73b

    • SHA1

      3128c0cec2ccdcd8d17bba1f6b50a8d7cac49d26

    • SHA256

      c90193af8ffe050ad79402dfceb9274be08b300bc02ecb1e6394917ee50934e4

    • SHA512

      697cc93cd378d13097f46a3a73b51c61d62f421996ce538b4ad7e3663808200d1d2fb36a181fbbc51ef65bcaaff190a8d90b0a28980e75191ca2d0126d2eeb65

    • SSDEEP

      12288:MyAdYwUGsU7a7FP7Gp1tAe5fhBbYj3vY7IEDjoSgfNQGDyAcdYGybmIAl1zODhBc:Mp6707ahGXBfcjwEsIejHuG/joD

    Score
    10/10
    modiloadervidarbe67f2b288274aabb4498979305ac4e1discoveryspywarestealertrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

3
T1012

System Information Discovery

2
T1082

Remote System Discovery

1
T1018

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks