Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0539f85f58cbdfbd5402f02bef84c1ed425122cc95f34c38719d9059343350b6

  • Size

    817KB

  • Sample

    220316-lfmcksbge6

  • MD5

    55de296cf36210a101903ad018edddbc

  • SHA1

    30857c9cf63be230ed01ad34995b85108f2c9eb9

  • SHA256

    0539f85f58cbdfbd5402f02bef84c1ed425122cc95f34c38719d9059343350b6

  • SHA512

    875f0bc9d1ce36a592c9f2211d002919f89f5b9eb8e88ca74a820f6cfdbb56e4ad7e94504db2061f5141e8452118e01c7c8007321299c92543af4a0f9be6d730

Score
10/10
collectionspywarestealer

Malware Config

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    mail.dlink.md
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Freemind2k3

Targets

    • Target

      0539f85f58cbdfbd5402f02bef84c1ed425122cc95f34c38719d9059343350b6

    • Size

      817KB

    • MD5

      55de296cf36210a101903ad018edddbc

    • SHA1

      30857c9cf63be230ed01ad34995b85108f2c9eb9

    • SHA256

      0539f85f58cbdfbd5402f02bef84c1ed425122cc95f34c38719d9059343350b6

    • SHA512

      875f0bc9d1ce36a592c9f2211d002919f89f5b9eb8e88ca74a820f6cfdbb56e4ad7e94504db2061f5141e8452118e01c7c8007321299c92543af4a0f9be6d730

    Score
    10/10
    collectionspywarestealer

    • Executes dropped EXE

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks