General

  • Target

    db15bd9e59b8b9f4e879860376c7b333b37ac6d86d7852dfc55a0f893f30cf7d

  • Size

    375KB

  • Sample

    220910-cxs21sheb2

  • MD5

    d01885970b7dfc15836fb2783f0c53ed

  • SHA1

    51ca9b177d94982f1dab0b550885be2fbb52c348

  • SHA256

    db15bd9e59b8b9f4e879860376c7b333b37ac6d86d7852dfc55a0f893f30cf7d

  • SHA512

    d318ddeb363a70f829427ad95c0315d713e3ed7a8ba738204d9923472d2d32be1215ca8860fabd006d205143d0eabc1e565f40560defd91c3bebc09a6be889bd

  • SSDEEP

    6144:kv5zQJVb5p72cHF1ybDFwekh212KhvwIb759QOaBjpaVRPu23E2rJmWjFc94:k4VOiF1WD7kE1dTYOi8V5u23zmWFy4

Score
10/10

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks