Overview

overview

8

Static

static

dridex

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8cf5578512d3b81654a1376a336b5fa99b5b86ea8fcb0754cd9820b4e1f64494

  • Size

    1.3MB

  • Sample

    211106-y8x11afef5

  • MD5

    aa3b423ab17bbaa6c323ec8ecf686256

  • SHA1

    c9708425538ac206bcffad00646275c4aced0630

  • SHA256

    8cf5578512d3b81654a1376a336b5fa99b5b86ea8fcb0754cd9820b4e1f64494

  • SHA512

    9450a8ca302502636c6f32c57bbef252eb08aa6838ce0ddc27e2ac944459aa35104a40a8cf353c796c8122386dbcd60863db01a5ea772eae5cb202a806e764ec

Score
8/10
agilenetpersistence

Malware Config

Targets

    • Target

      8cf5578512d3b81654a1376a336b5fa99b5b86ea8fcb0754cd9820b4e1f64494

    • Size

      1.3MB

    • MD5

      aa3b423ab17bbaa6c323ec8ecf686256

    • SHA1

      c9708425538ac206bcffad00646275c4aced0630

    • SHA256

      8cf5578512d3b81654a1376a336b5fa99b5b86ea8fcb0754cd9820b4e1f64494

    • SHA512

      9450a8ca302502636c6f32c57bbef252eb08aa6838ce0ddc27e2ac944459aa35104a40a8cf353c796c8122386dbcd60863db01a5ea772eae5cb202a806e764ec

    Score
    8/10
    agilenetpersistence

    • Executes dropped EXE

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks