Overview

overview

10

Static

static

dridex

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0a7e84e07d7dffea2925e5a508c2a419ffd2a44f110e0645972e4d077d8822b4

  • Size

    397KB

  • Sample

    220518-pq3zvscdgj

  • MD5

    45626e0ba033517e92404779ed548fb1

  • SHA1

    72722ee51dc3cb8be87f35203b0bd41a380c9a52

  • SHA256

    0a7e84e07d7dffea2925e5a508c2a419ffd2a44f110e0645972e4d077d8822b4

  • SHA512

    9227d419b99cc75921d0a8fc12851954905e49d3ad83d399813ba5d18e5c3171e62c076cd4d8dd9a58e0881bc77b90db0ace80dd932a8048eb037154039f3f15

Score
10/10
xmrigdiscoveryevasionminerpersistence

Malware Config

Targets

    • Target

      0a7e84e07d7dffea2925e5a508c2a419ffd2a44f110e0645972e4d077d8822b4

    • Size

      397KB

    • MD5

      45626e0ba033517e92404779ed548fb1

    • SHA1

      72722ee51dc3cb8be87f35203b0bd41a380c9a52

    • SHA256

      0a7e84e07d7dffea2925e5a508c2a419ffd2a44f110e0645972e4d077d8822b4

    • SHA512

      9227d419b99cc75921d0a8fc12851954905e49d3ad83d399813ba5d18e5c3171e62c076cd4d8dd9a58e0881bc77b90db0ace80dd932a8048eb037154039f3f15

    Score
    10/10
    xmrigdiscoveryevasionminerpersistence

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner Payload

      miner

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Sets file execution options in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Modifies WinLogon

      persistence

    • Modifies powershell logging option

      evasion
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Registry Run Keys / Startup Folder

1
T1060

Winlogon Helper DLL

1
T1004

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks