General

  • Target

    daa69519885c0f9f4947c4e6f82a0375656630e0abf55a345a536361f986252e

  • Size

    45KB

  • Sample

    211019-e79tmafca7

  • MD5

    291bea114eb566d39f69d8c2af059548

  • SHA1

    5a9fd8d8a1aa9e9ea1e6a01a55808b1040fae01a

  • SHA256

    daa69519885c0f9f4947c4e6f82a0375656630e0abf55a345a536361f986252e

  • SHA512

    e1df169940c3024bf20623088bfc5eb1c2b46763c247731a4a9b40770b37a2eb3dd7fc9246fe05337565676d1029e7236caa5876efe8576c6d58929a42e1b725

Malware Config

Extracted

  • Path

    C:\read-me.txt

  • Ransom Note

    All your files are Encrypted! For data recovery needs decryptor.
    How to buy decryptor:
    ----------------------------------------------------------------------------------------
    | 1. Download Tor browser - https://www.torproject.org/ and install it.
    | 2. Open link in TOR browser - http://mmeeiix2ejdwkmseycljetmpiwebdvgjts75c63camjofn2cjdoulzqd.onion/?STAHYJUHGFV
    | 3. Create Ticket
    ----------------------------------------------------------------------------------------
    Note! This link is available via Tor Browser only.
    ------------------------------------------------------------
    or http://helpqvrg3cc5mvb3.onion/
    Your ID
URLs

http://mmeeiix2ejdwkmseycljetmpiwebdvgjts75c63camjofn2cjdoulzqd.onion/?STAHYJUHGFV

http://helpqvrg3cc5mvb3.onion/

Targets

    • Turns off Windows Defender SpyNet reporting

    • Windows security bypass

    • Nirsoft

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Drops desktop.ini file(s)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Disabling Security Tools (T1089): 3

    Modify Registry (T1112): 3

  • Credential Access

    Credentials in Files (T1081): 1

  • Discovery

    System Information Discovery (T1082): 1

  • Collection

    Data from Local System (T1005): 1