Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a3357e7ea44e4d30304b1e5a4f53da37c848ce10fda0bd03a4f0dc0c5220e336

  • Size

    397KB

  • Sample

    220524-ayvk5adffn

  • MD5

    6f593dbea0a8703af52bd66f582251a4

  • SHA1

    2201a210e9680ec079b08bdb1da6d23112d87dcc

  • SHA256

    a3357e7ea44e4d30304b1e5a4f53da37c848ce10fda0bd03a4f0dc0c5220e336

  • SHA512

    97ebc0b7f27a76efead93fce05a8d059b4c6629e6348d5d4b728ed910ab00848b44737c6b5a48ac070d62a1da9273fc72b809fcf36bd17afb573fccc33d5aa73

Score
10/10
xmrigevasionminerpersistence

Malware Config

Targets

    • Target

      a3357e7ea44e4d30304b1e5a4f53da37c848ce10fda0bd03a4f0dc0c5220e336

    • Size

      397KB

    • MD5

      6f593dbea0a8703af52bd66f582251a4

    • SHA1

      2201a210e9680ec079b08bdb1da6d23112d87dcc

    • SHA256

      a3357e7ea44e4d30304b1e5a4f53da37c848ce10fda0bd03a4f0dc0c5220e336

    • SHA512

      97ebc0b7f27a76efead93fce05a8d059b4c6629e6348d5d4b728ed910ab00848b44737c6b5a48ac070d62a1da9273fc72b809fcf36bd17afb573fccc33d5aa73

    Score
    10/10
    xmrigevasionminerpersistence

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner Payload

      miner

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Sets file execution options in registry

      persistence

    • Modifies WinLogon

      persistence

    • Modifies powershell logging option

      evasion
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Registry Run Keys / Startup Folder

1
T1060

Winlogon Helper DLL

1
T1004

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks