Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2636b0f988e2d2129d014b870101be731b72d39e4f8ff12156b1b523a5c36c6a

  • Size

    4.0MB

  • Sample

    211014-xwhj4sabg7

  • MD5

    9488b446052990dfb70a62e3efa57477

  • SHA1

    dbb32fc2c9e50ef42f4691ff21bd2b2c44d85fb5

  • SHA256

    2636b0f988e2d2129d014b870101be731b72d39e4f8ff12156b1b523a5c36c6a

  • SHA512

    fa47d55cc147f3abd5223e6d2d2261476f0e98632358d0176fc82f6a350eb17d5bce289bea7696106b9fd09f0a544360511acaada46901ac95d46fdb4d3ac918

Score
10/10
xmrigminer

Malware Config

Targets

    • Target

      2636b0f988e2d2129d014b870101be731b72d39e4f8ff12156b1b523a5c36c6a

    • Size

      4.0MB

    • MD5

      9488b446052990dfb70a62e3efa57477

    • SHA1

      dbb32fc2c9e50ef42f4691ff21bd2b2c44d85fb5

    • SHA256

      2636b0f988e2d2129d014b870101be731b72d39e4f8ff12156b1b523a5c36c6a

    • SHA512

      fa47d55cc147f3abd5223e6d2d2261476f0e98632358d0176fc82f6a350eb17d5bce289bea7696106b9fd09f0a544360511acaada46901ac95d46fdb4d3ac918

    Score
    10/10
    xmrigminer

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner Payload

      miner

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks