Overview

overview

8

Static

static

dridex

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    40632f3f01035117faab6039b820848825ff839b472a02f11827784b428ac3eb

  • Size

    8.6MB

  • Sample

    211005-rt3jlshhf8

  • MD5

    3ab2c790255aaeb328042c08a8ded716

  • SHA1

    f1abac73efa2ef4fe098b22ba43b1b7ef280f5fe

  • SHA256

    40632f3f01035117faab6039b820848825ff839b472a02f11827784b428ac3eb

  • SHA512

    03eccf71b52d28b459d2bb78a5537f89ede4a9f0047a09bdbe8596f7f10a6cd9c07d6c85579973018f000ff31bd9687ace8fe04bd060c9b2871ba4f2010dc16e

Score
8/10
pyinstallerspywarestealer

Malware Config

Targets

    • Target

      40632f3f01035117faab6039b820848825ff839b472a02f11827784b428ac3eb

    • Size

      8.6MB

    • MD5

      3ab2c790255aaeb328042c08a8ded716

    • SHA1

      f1abac73efa2ef4fe098b22ba43b1b7ef280f5fe

    • SHA256

      40632f3f01035117faab6039b820848825ff839b472a02f11827784b428ac3eb

    • SHA512

      03eccf71b52d28b459d2bb78a5537f89ede4a9f0047a09bdbe8596f7f10a6cd9c07d6c85579973018f000ff31bd9687ace8fe04bd060c9b2871ba4f2010dc16e

    Score
    8/10
    pyinstallerspywarestealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Command-Line Interface

1
T1059

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks