General

  • Target

    90cbca7778f5ffde17b882b86f55292903ddb9868b65fa7f3e5debe0fcf89b2e

  • Size

    2.7MB

  • Sample

    220401-zk7e7schaj

  • MD5

    aa4bbee94ce22afceefce68d1e7fb5ec

  • SHA1

    f0ca352bd188b594880074043dc357cad85897dc

  • SHA256

    90cbca7778f5ffde17b882b86f55292903ddb9868b65fa7f3e5debe0fcf89b2e

  • SHA512

    22f4f01a3a7d01fa6e95fff69cefa6042c6cc20b0699c0ea385746b741ca0661d13f38031ce7816e46330920e11e77c761f63993009812cbc740cb15070e43d5

Malware Config

Targets

    • Target

      90cbca7778f5ffde17b882b86f55292903ddb9868b65fa7f3e5debe0fcf89b2e

    • Size

      2.7MB

    • MD5

      aa4bbee94ce22afceefce68d1e7fb5ec

    • SHA1

      f0ca352bd188b594880074043dc357cad85897dc

    • SHA256

      90cbca7778f5ffde17b882b86f55292903ddb9868b65fa7f3e5debe0fcf89b2e

    • SHA512

      22f4f01a3a7d01fa6e95fff69cefa6042c6cc20b0699c0ea385746b741ca0661d13f38031ce7816e46330920e11e77c761f63993009812cbc740cb15070e43d5

    • LoaderBot

      LoaderBot is a .NET loader that downloads and executes miner payloads.

    • suricata: ET MALWARE CerberTear Ransomware CnC Checkin

      Network traffic from the sample matched the Emerging Threats (ET) Suricata rule of that name. The rule name identifies the matching signature, not a confirmed family attribution for this sample.

    • LoaderBot executable

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (deciding whether to run based on the victim's locale).

    • Drops startup file

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger
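
    The following PowerShell triage helper is an added example, not part of this report and not code from LoaderBot. It confirms that a suspect file on disk is the sample described above by checking it against the report's four hashes, then lists the Run-key and Startup-folder persistence the report flags, and reads the locale values a geofence check would plausibly consult. The Run-key and Startup-folder paths are the standard Windows locations; the Control Panel\International and Geo values are an assumption, since the report does not say which registry value the sample reads.

```powershell
# Added triage helper (not part of the report or of LoaderBot).
# Run in an elevated PowerShell session on the host being examined.

# Hashes as listed in the report for this sample.
$ReportHashes = @{
    MD5    = 'aa4bbee94ce22afceefce68d1e7fb5ec'
    SHA1   = 'f0ca352bd188b594880074043dc357cad85897dc'
    SHA256 = '90cbca7778f5ffde17b882b86f55292903ddb9868b65fa7f3e5debe0fcf89b2e'
    SHA512 = '22f4f01a3a7d01fa6e95fff69cefa6042c6cc20b0699c0ea385746b741ca0661d13f38031ce7816e46330920e11e77c761f63993009812cbc740cb15070e43d5'
}

# Compare a file against every hash in the report; returns one bool per algorithm.
function Test-SampleHashes {
    param([Parameter(Mandatory)][string]$Path)
    $result = @{}
    foreach ($alg in $ReportHashes.Keys) {
        $actual = (Get-FileHash -Path $Path -Algorithm $alg).Hash.ToLowerInvariant()
        $result[$alg] = ($actual -eq $ReportHashes[$alg])
    }
    return $result
}

# Enumerate Run/RunOnce values (the "Adds Run key to start application" behaviour).
function Get-RunKeyEntries {
    $keys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    # Provider metadata that Get-ItemProperty attaches to every key; not real values.
    $providerProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($providerProps -contains $p.Name) { continue }
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
        }
    }
}

# List files in the per-user and all-users Startup folders ("Drops startup file").
function Get-StartupFolderEntries {
    $folders = @(
        [Environment]::GetFolderPath('Startup'),
        [Environment]::GetFolderPath('CommonStartup')
    )
    foreach ($f in $folders) {
        if (Test-Path $f) {
            Get-ChildItem -Path $f -File | Select-Object FullName, LastWriteTime
        }
    }
}

# Locale values a registry-based country check would plausibly read.
# Assumption: the report does not name the exact value LoaderBot queries.
function Get-CountryCodeSettings {
    $geo  = Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
    $intl = Get-ItemProperty -Path 'HKCU:\Control Panel\International' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        GeoNation  = $geo.Nation       # numeric GeoID
        GeoName    = $geo.Name         # ISO country code on newer Windows builds
        LocaleName = $intl.LocaleName
        Country    = $intl.sCountry
    }
}

# Usage (path is a placeholder):
# Test-SampleHashes -Path 'C:\samples\suspect.exe'
# Get-RunKeyEntries | Format-Table -AutoSize
# Get-StartupFolderEntries
# Get-CountryCodeSettings
```

    Any Run-key or Startup-folder entry pointing at a recently written executable should be compared against the hashes above; a match on all four confirms the file is this sample, while a partial match indicates a different file and should not be treated as the same artifact.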

MITRE ATT&CK Enterprise v6

Tasks