Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    71f53d9f51c308218ce477988f33c8ce23fc766a60bb803baa8062ec3911a46d

  • Size

    6.6MB

  • Sample

    220516-qn8b8sfcfk

  • MD5

    9227df15a138dd7f048f001db44c6ab4

  • SHA1

    8f3a07f9afcb8d8d1beb0134470980b8c464c8fe

  • SHA256

    71f53d9f51c308218ce477988f33c8ce23fc766a60bb803baa8062ec3911a46d

  • SHA512

    abf151151b4ae26a35eafeb9d2986f99ddb1cdf91ce8d2100fcc7f0120ac027885a12fe152d0b44a213273bec91d40eaa76195bba00c3862c9552dda38994044

Score
10/10
xmrigminerpersistenceupx

Malware Config

Targets

    • Target

      71f53d9f51c308218ce477988f33c8ce23fc766a60bb803baa8062ec3911a46d

    • Size

      6.6MB

    • MD5

      9227df15a138dd7f048f001db44c6ab4

    • SHA1

      8f3a07f9afcb8d8d1beb0134470980b8c464c8fe

    • SHA256

      71f53d9f51c308218ce477988f33c8ce23fc766a60bb803baa8062ec3911a46d

    • SHA512

      abf151151b4ae26a35eafeb9d2986f99ddb1cdf91ce8d2100fcc7f0120ac027885a12fe152d0b44a213273bec91d40eaa76195bba00c3862c9552dda38994044

    Score
    10/10
    xmrigminerpersistenceupx

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner Payload

      miner

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks