cd98fd36bb86c766619a6b37fa1c1cadd828c76789730f65a84360b20d14ccf2 | Triage

Submit
Reports

Overview

overview

Static

static

8

dridex

windows10_x64

Sharing

General

Target

cd98fd36bb86c766619a6b37fa1c1cadd828c76789730f65a84360b20d14ccf2
Size

4.2MB
Sample

211029-bsllpshbel
MD5

9c50d95dc3393f2f80cac58a9f5b93f7
SHA1

d33acac96477bfc8104e7ddb104992a7f2a41858
SHA256

cd98fd36bb86c766619a6b37fa1c1cadd828c76789730f65a84360b20d14ccf2
SHA512

bb822cc965febd592066bc0c6ea93b026de40ec834374fed109bc4fd508fa33a6a1eb626f374f8be67229c1ce0dba3a4dfad2807618399f3a3470c014412c93f

Score

10^/10

evasion persistence suricata vmprotect

Static task

static1

Behavioral task

behavioral1

Sample

cd98fd36bb86c766619a6b37fa1c1cadd828c76789730f65a84360b20d14ccf2.exe

Resource

win10-en-20211014

evasion persistence suricata vmprotect

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  cd98fd36bb86c766619a6b37fa1c1cadd828c76789730f65a84360b20d14ccf2
- Size
  
  4.2MB
- MD5
  
  9c50d95dc3393f2f80cac58a9f5b93f7
- SHA1
  
  d33acac96477bfc8104e7ddb104992a7f2a41858
- SHA256
  
  cd98fd36bb86c766619a6b37fa1c1cadd828c76789730f65a84360b20d14ccf2
- SHA512
  
  bb822cc965febd592066bc0c6ea93b026de40ec834374fed109bc4fd508fa33a6a1eb626f374f8be67229c1ce0dba3a4dfad2807618399f3a3470c014412c93f
Score

10^/10

evasion persistence suricata vmprotect
- suricata: ET MALWARE Generic .bin download from Dotted Quad
  suricata: ET MALWARE Generic .bin download from Dotted Quad
  suricata
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistencesuricatavmprotect

© 2018-2024

Terms | Privacy