Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    305be5c89a59aea6f58ccb50ce51fb7a2e74ece50c49a268afec5eef4de73e0e

  • Size

    157KB

  • Sample

    211219-r67dbsgeb5

  • MD5

    97b280b69f91f49d28711137942b3d9b

  • SHA1

    69f8fd656c22b84eeaac5960e9ef273800c67f0e

  • SHA256

    305be5c89a59aea6f58ccb50ce51fb7a2e74ece50c49a268afec5eef4de73e0e

  • SHA512

    cf04d137d9b6a64b370f32de9c47706682e8eba06fb3c2c665ef6a32ebfd2ba5f4f014dd7dcafb04ac4cbc2c9bf97fb8316f5430e5250a3b8063c74842d92a65

Score
10/10
njratevasionpersistencetrojan

Malware Config

Targets

    • Target

      305be5c89a59aea6f58ccb50ce51fb7a2e74ece50c49a268afec5eef4de73e0e

    • Size

      157KB

    • MD5

      97b280b69f91f49d28711137942b3d9b

    • SHA1

      69f8fd656c22b84eeaac5960e9ef273800c67f0e

    • SHA256

      305be5c89a59aea6f58ccb50ce51fb7a2e74ece50c49a268afec5eef4de73e0e

    • SHA512

      cf04d137d9b6a64b370f32de9c47706682e8eba06fb3c2c665ef6a32ebfd2ba5f4f014dd7dcafb04ac4cbc2c9bf97fb8316f5430e5250a3b8063c74842d92a65

    Score
    10/10
    njratevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks