General

  • Target

    5b91380cb386ee09d3a17e57f85de5c89571b9b5a1e3ebf4b024b132fb1ef002

  • Size

    375KB

  • Sample

    220806-h6wr6aeea2

  • MD5

    c8845e3a7ffa411f6f88c37207e6b80d

  • SHA1

    377da6249f9bf4791b432972b97f779f842e6aa6

  • SHA256

    5b91380cb386ee09d3a17e57f85de5c89571b9b5a1e3ebf4b024b132fb1ef002

  • SHA512

    760795f9b3cff2ad831b8e357d6f19a8a978a61f8cdc1e65c58be81d7030a981bbde952d232f89d7d58f2c16181a3cdc735f27e552bf656d2a86f26e4ad59ce9

Score
10/10

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops file in System32 directory
