Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6a61b992773f571c45f2d1087a56817dd5c1f3a90ca2965cc5c7319b33f3890b

  • Size

    4.6MB

  • Sample

    211208-ny9xpsaahq

  • MD5

    5dec7029dda901f99d02a1cb08d6b3ab

  • SHA1

    8561c81e8fab7889eb13ab29450bed82878e78c9

  • SHA256

    6a61b992773f571c45f2d1087a56817dd5c1f3a90ca2965cc5c7319b33f3890b

  • SHA512

    09e5856113a7b073568e878d1de74c834e318dd05b95afe8729a3008b4cc1efc0b1a6a9c21b25c0b1dadec3d6de5b5bc4ef84523f454591717b6f24fe5dffaca

Score
10/10
persistencesuricataupx

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://raw.githubusercontent.com/sqlitey/sqlite/master/speed.ps1

Targets

    • Target

      6a61b992773f571c45f2d1087a56817dd5c1f3a90ca2965cc5c7319b33f3890b

    • Size

      4.6MB

    • MD5

      5dec7029dda901f99d02a1cb08d6b3ab

    • SHA1

      8561c81e8fab7889eb13ab29450bed82878e78c9

    • SHA256

      6a61b992773f571c45f2d1087a56817dd5c1f3a90ca2965cc5c7319b33f3890b

    • SHA512

      09e5856113a7b073568e878d1de74c834e318dd05b95afe8729a3008b4cc1efc0b1a6a9c21b25c0b1dadec3d6de5b5bc4ef84523f454591717b6f24fe5dffaca

    Score
    10/10
    persistencesuricataupx

    • suricata: ET MALWARE ServHelper CnC Inital Checkin

      suricata: ET MALWARE ServHelper CnC Inital Checkin

      suricata

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Blocklisted process makes network request

    • Modifies RDP port number used by Windows

    • Sets DLL path for service in the registry

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Account Manipulation

1
T1098

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Remote Desktop Protocol

1
T1076

Collection

Exfiltration

Command and Control

Impact

Tasks