Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7e446910eb4487094a244ea4299e733897dff1eabe6cbf1bd3952b73bdadedc0

  • Size

    375KB

  • Sample

    220806-gvkp3sbdbn

  • MD5

    d25703874ff5b46f76ce906d5d3f7b80

  • SHA1

    6c0dbe6fdfd175ec93c460627e4029bb4277b871

  • SHA256

    7e446910eb4487094a244ea4299e733897dff1eabe6cbf1bd3952b73bdadedc0

  • SHA512

    c1abdbb580a231908a46e46a4e41612561aaad1b4d6b354b006d3011beba8867e6c5d45a28dae8db73d4ff87ddcda65e612ef0d8abdc4b09bc97a835cfffe79f

Score
10/10
gh0stratratupx

Malware Config

Targets

    • Target

      7e446910eb4487094a244ea4299e733897dff1eabe6cbf1bd3952b73bdadedc0

    • Size

      375KB

    • MD5

      d25703874ff5b46f76ce906d5d3f7b80

    • SHA1

      6c0dbe6fdfd175ec93c460627e4029bb4277b871

    • SHA256

      7e446910eb4487094a244ea4299e733897dff1eabe6cbf1bd3952b73bdadedc0

    • SHA512

      c1abdbb580a231908a46e46a4e41612561aaad1b4d6b354b006d3011beba8867e6c5d45a28dae8db73d4ff87ddcda65e612ef0d8abdc4b09bc97a835cfffe79f

    Score
    10/10
    gh0stratratupx

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks