Overview

overview

9

Static

static

dridex

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    603e73cbc7de5a94b8846112829ba094ceb7649a907864304e6cf288ef8635cf

  • Size

    1.8MB

  • Sample

    220809-f7gnhsdfar

  • MD5

    69453c4c67c6c4151d31ca3d272eb1b1

  • SHA1

    908a67c029f25e166298cfe257da5f1c32d71684

  • SHA256

    603e73cbc7de5a94b8846112829ba094ceb7649a907864304e6cf288ef8635cf

  • SHA512

    3b9f62e7750e30e2090117f6df1a76a5850049e90522e7749210af53b5da1716523867578bf3d1834b06bcc6ce85d447ecbd4045b10bb60657f9ce80ef70e2a1

Score
9/10
evasiontrojan

Malware Config

Targets

    • Target

      603e73cbc7de5a94b8846112829ba094ceb7649a907864304e6cf288ef8635cf

    • Size

      1.8MB

    • MD5

      69453c4c67c6c4151d31ca3d272eb1b1

    • SHA1

      908a67c029f25e166298cfe257da5f1c32d71684

    • SHA256

      603e73cbc7de5a94b8846112829ba094ceb7649a907864304e6cf288ef8635cf

    • SHA512

      3b9f62e7750e30e2090117f6df1a76a5850049e90522e7749210af53b5da1716523867578bf3d1834b06bcc6ce85d447ecbd4045b10bb60657f9ce80ef70e2a1

    Score
    9/10
    evasiontrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks