Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    556667be48f0793351280485a3ac3a18599dc8084e16a06458d84baef5fc4402

  • Size

    397KB

  • Sample

    220518-wtdbyaceg9

  • MD5

    f87b5521fc916942a30df0be6529a059

  • SHA1

    2881b9d73a93606a30b00fdd63723b4c8921c692

  • SHA256

    556667be48f0793351280485a3ac3a18599dc8084e16a06458d84baef5fc4402

  • SHA512

    a45c1f4f9abe397e332612b727733cdf02f2092b77081a86765aa2e4d02bf7290b12d03cf10ecaf3129bcd95cc75692b3ff1459443af0156e5cd8f673793ac82

Score
10/10
xmrigevasionminerpersistence

Malware Config

Targets

    • Target

      556667be48f0793351280485a3ac3a18599dc8084e16a06458d84baef5fc4402

    • Size

      397KB

    • MD5

      f87b5521fc916942a30df0be6529a059

    • SHA1

      2881b9d73a93606a30b00fdd63723b4c8921c692

    • SHA256

      556667be48f0793351280485a3ac3a18599dc8084e16a06458d84baef5fc4402

    • SHA512

      a45c1f4f9abe397e332612b727733cdf02f2092b77081a86765aa2e4d02bf7290b12d03cf10ecaf3129bcd95cc75692b3ff1459443af0156e5cd8f673793ac82

    Score
    10/10
    xmrigevasionminerpersistence

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner Payload

      miner

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Sets file execution options in registry

      persistence

    • Modifies WinLogon

      persistence

    • Modifies powershell logging option

      evasion
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Registry Run Keys / Startup Folder

1
T1060

Winlogon Helper DLL

1
T1004

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks