General

  • Target

    f54ab9736e0b804a3ca5bc39821b6d6d24f1c55c5e61f773611009a0fbadac55

  • Size

    375KB

  • Sample

    220909-vh6nnsgfe8

  • MD5

    0a79285ad0e13531a730e7c824c36e16

  • SHA1

    fac07ce363d0a9cf6a766a5426d8abc4fb673f50

  • SHA256

    f54ab9736e0b804a3ca5bc39821b6d6d24f1c55c5e61f773611009a0fbadac55

  • SHA512

    90de77b41d28c9210a559c387bfec067ff68bfaeae21813e08a6d2ba43f99ce497664a0b81fa9d0132599c09853a5be3e0b5c1a2eba549a09544895ab3711c4f

  • SSDEEP

    6144:3v5zQJVb5p72cHF1ybDFwekh212KhvwIb759QOaBjpaVRPu23E2rJmWjFc94:34VOiF1WD7kE1dTYOi8V5u23zmWFy4

Score
10/10

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks