Overview

overview

9

Static

static

dridex

windows10-1703-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f96d8621bf8830f2ce8d216e5abee90419e5a5760f3cfaa220ba46a0bda5d87d

  • Size

    1.8MB

  • Sample

    220809-f2vyysfcg2

  • MD5

    52fde15554cdda967fca765be4c3d0d4

  • SHA1

    f8a0ca4786e34dea88d47295c60e5f9421ae1a04

  • SHA256

    f96d8621bf8830f2ce8d216e5abee90419e5a5760f3cfaa220ba46a0bda5d87d

  • SHA512

    db948a6647e53a9bbd793d8cf80d05873b0e3f4f3355ad7240171cc4e40bae18d2aeca83061b880774cb5d2b9c086fd1e031f3c2c09b3067daad539006b77161

Score
9/10
evasiontrojan

Malware Config

Targets

    • Target

      f96d8621bf8830f2ce8d216e5abee90419e5a5760f3cfaa220ba46a0bda5d87d

    • Size

      1.8MB

    • MD5

      52fde15554cdda967fca765be4c3d0d4

    • SHA1

      f8a0ca4786e34dea88d47295c60e5f9421ae1a04

    • SHA256

      f96d8621bf8830f2ce8d216e5abee90419e5a5760f3cfaa220ba46a0bda5d87d

    • SHA512

      db948a6647e53a9bbd793d8cf80d05873b0e3f4f3355ad7240171cc4e40bae18d2aeca83061b880774cb5d2b9c086fd1e031f3c2c09b3067daad539006b77161

    Score
    9/10
    evasiontrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks