Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    734045009f0b155db1692141832332bb4fdc4511399a67a5e22835a2b72fc7bd

  • Size

    245KB

  • Sample

    211214-yy1ddagcg6

  • MD5

    b0e4ad8a749f5a154420e5f6d3eadbe0

  • SHA1

    d9597f8e4d1b35acf9fed9622548946b83947bda

  • SHA256

    734045009f0b155db1692141832332bb4fdc4511399a67a5e22835a2b72fc7bd

  • SHA512

    dde672033bf3d426a6cedcb774bdca7815f3afab8fcdf8dc93016d3362c85a2e0134505747b96bab2e729533e91add660165aa3de106a5e701f2dbda2b0c8071

Score
10/10
vkeyloggerkeyloggerpersistencestealer

Malware Config

Targets

    • Target

      734045009f0b155db1692141832332bb4fdc4511399a67a5e22835a2b72fc7bd

    • Size

      245KB

    • MD5

      b0e4ad8a749f5a154420e5f6d3eadbe0

    • SHA1

      d9597f8e4d1b35acf9fed9622548946b83947bda

    • SHA256

      734045009f0b155db1692141832332bb4fdc4511399a67a5e22835a2b72fc7bd

    • SHA512

      dde672033bf3d426a6cedcb774bdca7815f3afab8fcdf8dc93016d3362c85a2e0134505747b96bab2e729533e91add660165aa3de106a5e701f2dbda2b0c8071

    Score
    10/10
    vkeyloggerkeyloggerpersistencestealer

    • Modifies WinLogon for persistence

      persistence

    • VKeylogger

      A keylogger first seen in Nov 2020.

      stealerkeyloggervkeylogger

    • VKeylogger Payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1
T1004

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks