General

  • Target

    22160bff37828b82230aefd166033aad94ba11087c2bcabe744c14304b98724c

  • Size

    96KB

  • Sample

    211016-rlccfscae9

  • MD5

    17d00ffe0063ec458371dac451603184

  • SHA1

    b0b4d2802cd1c42e8e50f37e2bd03b457fd6b9b6

  • SHA256

    22160bff37828b82230aefd166033aad94ba11087c2bcabe744c14304b98724c

  • SHA512

    7f6b90e03427635c9ee72c4e4c3a90d19c123950391e24ea5f4f232ffb93507055e6269c0998c0a2760e16b341a034d5f949f9d70c7187b5b97624b748308aa1

Score
10/10

Malware Config

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks