32644bca80e32c4cabe236c15a31aa9538c64349ae8d0a9a9371d9707b71821d | Triage

Submit
Reports

Overview

overview

8

Static

static

dridex

windows10_x64

8

Sharing

General

Target

32644bca80e32c4cabe236c15a31aa9538c64349ae8d0a9a9371d9707b71821d
Size

69KB
Sample

211020-my39gshghm
MD5

87809bbb605f9a0446f9f4e289dde0b4
SHA1

9ca27dc11bb6428c47cceb0f62bab494474ff408
SHA256

32644bca80e32c4cabe236c15a31aa9538c64349ae8d0a9a9371d9707b71821d
SHA512

918e8d12c2490b4359212c913894f78c40f596697229c03736d5abb589cf4fc85ae8b917242442a7eae608fdd7e296c00033b606dd8d4c00bcb78b469f993547

Score

8^/10

discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

32644bca80e32c4cabe236c15a31aa9538c64349ae8d0a9a9371d9707b71821d.exe

Resource

win10-en-20210920

discovery persistence spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  32644bca80e32c4cabe236c15a31aa9538c64349ae8d0a9a9371d9707b71821d
- Size
  
  69KB
- MD5
  
  87809bbb605f9a0446f9f4e289dde0b4
- SHA1
  
  9ca27dc11bb6428c47cceb0f62bab494474ff408
- SHA256
  
  32644bca80e32c4cabe236c15a31aa9538c64349ae8d0a9a9371d9707b71821d
- SHA512
  
  918e8d12c2490b4359212c913894f78c40f596697229c03736d5abb589cf4fc85ae8b917242442a7eae608fdd7e296c00033b606dd8d4c00bcb78b469f993547
Score

8^/10

discovery persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealer

© 2018-2024

Terms | Privacy