Overview

overview

10

Static

static

10

dridex

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dfb278405d6f2c0795936304f4c8d2e572be0d2699477d5b68b4fcff67f9bf42

  • Size

    627KB

  • Sample

    220407-kjydksdgg6

  • MD5

    af776fc957e51c8846258b4d8004e1a1

  • SHA1

    3baed603d9b56e085d56371397595f81edcf7b70

  • SHA256

    dfb278405d6f2c0795936304f4c8d2e572be0d2699477d5b68b4fcff67f9bf42

  • SHA512

    dc1d06d9d55d5bfd008d3f1e272c60440b777552dccb76858b062d1affbeae4f6c84429e2db8df5c8bd25edfd4a6afef5b81d76eaa801e36d5b7efdd1e3f92ef

Score
10/10
darktrackpersistenceratstealer

Malware Config

Targets

    • Target

      dfb278405d6f2c0795936304f4c8d2e572be0d2699477d5b68b4fcff67f9bf42

    • Size

      627KB

    • MD5

      af776fc957e51c8846258b4d8004e1a1

    • SHA1

      3baed603d9b56e085d56371397595f81edcf7b70

    • SHA256

      dfb278405d6f2c0795936304f4c8d2e572be0d2699477d5b68b4fcff67f9bf42

    • SHA512

      dc1d06d9d55d5bfd008d3f1e272c60440b777552dccb76858b062d1affbeae4f6c84429e2db8df5c8bd25edfd4a6afef5b81d76eaa801e36d5b7efdd1e3f92ef

    Score
    10/10
    darktrackpersistenceratstealer

    • DarkTrack

      DarkTrack is a remote administration tool written in delphi.

      ratstealerdarktrack

    • DarkTrack Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks