ab759d4dd1159da2f15203da815fb8568137811a4481354951827e6dc7263b33 | Triage

Submit
Reports

Overview

overview

9

Static

static

dridex

windows10_x64

9

Sharing

General

Target

ab759d4dd1159da2f15203da815fb8568137811a4481354951827e6dc7263b33
Size

68KB
Sample

211020-mzc4paghe4
MD5

064a8c76b9ee093e9c1de6d9acbef1bf
SHA1

37fd361ccbbef5aa5c503044038aafac141c603d
SHA256

ab759d4dd1159da2f15203da815fb8568137811a4481354951827e6dc7263b33
SHA512

4aa80e73e6f2216e2d4835ac3a7e4cb591e8e501c18c29a8a5524ca7c7c2087d18c30deb4fe7caacce2b66078724ff7f544658700e8af309d8360ed2a704acf9

Score

9^/10

discovery evasion persistence spyware stealer themida trojan

Static task

static1

Behavioral task

behavioral1

Sample

ab759d4dd1159da2f15203da815fb8568137811a4481354951827e6dc7263b33.exe

Resource

win10-en-20210920

discovery evasion persistence spyware stealer themida trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  ab759d4dd1159da2f15203da815fb8568137811a4481354951827e6dc7263b33
- Size
  
  68KB
- MD5
  
  064a8c76b9ee093e9c1de6d9acbef1bf
- SHA1
  
  37fd361ccbbef5aa5c503044038aafac141c603d
- SHA256
  
  ab759d4dd1159da2f15203da815fb8568137811a4481354951827e6dc7263b33
- SHA512
  
  4aa80e73e6f2216e2d4835ac3a7e4cb591e8e501c18c29a8a5524ca7c7c2087d18c30deb4fe7caacce2b66078724ff7f544658700e8af309d8360ed2a704acf9
Score

9^/10

discovery evasion persistence spyware stealer themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealerthemidatrojan

© 2018-2024

Terms | Privacy