7602561fc7023384eca9a58d057d24b178fa6e9c9f3689e89b2608b6ce6b8048 | Triage

Submit
Reports

Overview

overview

Static

static

8

dridex

windows10_x64

Sharing

General

Target

7602561fc7023384eca9a58d057d24b178fa6e9c9f3689e89b2608b6ce6b8048
Size

11.7MB
Sample

220108-fd1jjacgd4
MD5

13d8c3f486541b67a07271be7b6b9eee
SHA1

48cd86538fdbe833ab04006cdbfccf239c54db5e
SHA256

7602561fc7023384eca9a58d057d24b178fa6e9c9f3689e89b2608b6ce6b8048
SHA512

5c5fe9501b3330e84e0aa6ee75a60ea25006c80b5b7ea47c94c1d6612a6ddc0ab9d202e9e45b382874c7974c6f6d587a71818ebed8075fa788589ec958904e2a

Score

10^/10

adware evasion persistence spyware stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

7602561fc7023384eca9a58d057d24b178fa6e9c9f3689e89b2608b6ce6b8048.exe

Resource

win10-en-20211208

adware evasion persistence spyware stealer trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  7602561fc7023384eca9a58d057d24b178fa6e9c9f3689e89b2608b6ce6b8048
- Size
  
  11.7MB
- MD5
  
  13d8c3f486541b67a07271be7b6b9eee
- SHA1
  
  48cd86538fdbe833ab04006cdbfccf239c54db5e
- SHA256
  
  7602561fc7023384eca9a58d057d24b178fa6e9c9f3689e89b2608b6ce6b8048
- SHA512
  
  5c5fe9501b3330e84e0aa6ee75a60ea25006c80b5b7ea47c94c1d6612a6ddc0ab9d202e9e45b382874c7974c6f6d587a71818ebed8075fa788589ec958904e2a
Score

10^/10

adware evasion persistence spyware stealer trojan upx
- UAC bypass
  evasion trojan
- Drops file in Drivers directory
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwareevasionpersistencespywarestealertrojanupx

© 2018-2024

Terms | Privacy