Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    42e4e66240e60f5a0fcd4a7883b339f082522ce1bc63843c2ffb36a67bcf1415

  • Size

    2.6MB

  • Sample

    220111-mm8ptsfcb6

  • MD5

    6d146e3ddad2f5eff0479a9596c9b4ef

  • SHA1

    f7f5a96f3d72580acd6e15e32a899f7e39e83cf6

  • SHA256

    42e4e66240e60f5a0fcd4a7883b339f082522ce1bc63843c2ffb36a67bcf1415

  • SHA512

    ab467e0c509f821167b7bd1b9bade0a69e5811ee2e4447abadcb37447abec8ef52308419217b13d227a46ad9ce0198eec607037ca29fb15f20f60d6ea2e40b9a

Score
10/10
evasionpersistencetrojan

Malware Config

Targets

    • Target

      42e4e66240e60f5a0fcd4a7883b339f082522ce1bc63843c2ffb36a67bcf1415

    • Size

      2.6MB

    • MD5

      6d146e3ddad2f5eff0479a9596c9b4ef

    • SHA1

      f7f5a96f3d72580acd6e15e32a899f7e39e83cf6

    • SHA256

      42e4e66240e60f5a0fcd4a7883b339f082522ce1bc63843c2ffb36a67bcf1415

    • SHA512

      ab467e0c509f821167b7bd1b9bade0a69e5811ee2e4447abadcb37447abec8ef52308419217b13d227a46ad9ce0198eec607037ca29fb15f20f60d6ea2e40b9a

    Score
    10/10
    evasionpersistencetrojan

    • Modifies WinLogon for persistence

      persistence

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • UAC bypass

      evasiontrojan

    • Disables Task Manager via registry modification

      evasion

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks