Overview

overview

9

Static

static

dridex

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    23c781cb78694a2e628d489c1b01a9e5db64bbd5a6fcbb04ddaf20c0d0586539

  • Size

    1.8MB

  • Sample

    220809-f3w8eafch3

  • MD5

    abb4212bc15517a49fa413e6b229be11

  • SHA1

    b932db497fd8b825c1802073a72d3e636693582d

  • SHA256

    23c781cb78694a2e628d489c1b01a9e5db64bbd5a6fcbb04ddaf20c0d0586539

  • SHA512

    ca5376414821b9a0aeb4cc4dcfc62c84609116fc4da3dc9a4f09cd15c1f3dad98c62432dcb23f8d74b55099e42266cea37bdb681a513e655ead0e717cc43d9b7

Score
9/10
evasiontrojan

Malware Config

Targets

    • Target

      23c781cb78694a2e628d489c1b01a9e5db64bbd5a6fcbb04ddaf20c0d0586539

    • Size

      1.8MB

    • MD5

      abb4212bc15517a49fa413e6b229be11

    • SHA1

      b932db497fd8b825c1802073a72d3e636693582d

    • SHA256

      23c781cb78694a2e628d489c1b01a9e5db64bbd5a6fcbb04ddaf20c0d0586539

    • SHA512

      ca5376414821b9a0aeb4cc4dcfc62c84609116fc4da3dc9a4f09cd15c1f3dad98c62432dcb23f8d74b55099e42266cea37bdb681a513e655ead0e717cc43d9b7

    Score
    9/10
    evasiontrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks