0171e9e9eeeb770d96f761afc719ec455f1798fa81f7a0bf99854ea08a11b5b9 | Triage

Submit
Reports

Overview

overview

9

Static

static

dridex

windows10_x64

9

Sharing

General

Target

0171e9e9eeeb770d96f761afc719ec455f1798fa81f7a0bf99854ea08a11b5b9
Size

75KB
Sample

211021-j478vaaac4
MD5

30386b3f9d7964ad395d9853be17ddc1
SHA1

f442060c820565873539183465a2f5784fee1b63
SHA256

0171e9e9eeeb770d96f761afc719ec455f1798fa81f7a0bf99854ea08a11b5b9
SHA512

aa55e95107d504a7cae31ed7dff9202e3cce145ab4df3d4ba2cc873350d718921c16a25accc693bd5c696e3eccdd53729d7e67cee74e8155f6ced7c4612248c4

Score

9^/10

discovery evasion persistence spyware stealer themida trojan

Static task

static1

Behavioral task

behavioral1

Sample

0171e9e9eeeb770d96f761afc719ec455f1798fa81f7a0bf99854ea08a11b5b9.exe

Resource

win10-en-20210920

discovery evasion persistence spyware stealer themida trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  0171e9e9eeeb770d96f761afc719ec455f1798fa81f7a0bf99854ea08a11b5b9
- Size
  
  75KB
- MD5
  
  30386b3f9d7964ad395d9853be17ddc1
- SHA1
  
  f442060c820565873539183465a2f5784fee1b63
- SHA256
  
  0171e9e9eeeb770d96f761afc719ec455f1798fa81f7a0bf99854ea08a11b5b9
- SHA512
  
  aa55e95107d504a7cae31ed7dff9202e3cce145ab4df3d4ba2cc873350d718921c16a25accc693bd5c696e3eccdd53729d7e67cee74e8155f6ced7c4612248c4
Score

9^/10

discovery evasion persistence spyware stealer themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealerthemidatrojan

© 2018-2024

Terms | Privacy