General

  • Target

    28c4083a9a96915103b28014fff927b1f02877d918c5580e52d792472a5a9c5d

  • Size

    375KB

  • Sample

    220915-egnhpsffaj

  • MD5

    c6009dfea58b71029a2639ce96c50457

  • SHA1

    b66f315f6bb744bdfe59999cfd2951af20731dc2

  • SHA256

    28c4083a9a96915103b28014fff927b1f02877d918c5580e52d792472a5a9c5d

  • SHA512

    35ed6e113790e9a433d092defaae15977d8927cc9aa7b25e12da7ce7099e59b6aff36c0b32c4a4b5ecb8894a49ef5b51820852caf91e693460fc9d9228f4360f

  • SSDEEP

    6144:/v5zQJVb5p72cHF1ybDFwekh212KhvwIb759QOaBjpaVRPu23E2rJmWjFc94:/4VOiF1WD7kE1dTYOi8V5u23zmWFy4

Score
10/10

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops file in System32 directory
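The following is an added triage helper written for this page; it is not tooling from the sandbox that produced the report. It verifies a file's MD5/SHA1/SHA256 against the IOCs listed above and applies the same kind of UPX heuristic the "UPX packed file" signature describes: it parses the PE section table for UPX0/UPX1 section names and scans for the "UPX!" magic. The build_fake_pe helper and the two buffers it produces are constructed test inputs, not bytes from the sample, so the example runs offline without the malware.

```python
"""Offline triage for the report above: IOC hash match plus a UPX-packing heuristic.
Added example; not code from the report's producer."""
import hashlib
import struct

# Hashes published in the report above (SHA512 omitted; hashlib.new("sha512") adds it).
REPORT_IOCS = {
    "md5": "c6009dfea58b71029a2639ce96c50457",
    "sha1": "b66f315f6bb744bdfe59999cfd2951af20731dc2",
    "sha256": "28c4083a9a96915103b28014fff927b1f02877d918c5580e52d792472a5a9c5d",
}


def hash_file_bytes(data: bytes) -> dict:
    """Hash the buffer with every algorithm the report publishes."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_IOCS}


def matches_report(data: bytes) -> bool:
    """True only if every published hash matches (a partial match is a red flag, not a hit)."""
    return hash_file_bytes(data) == REPORT_IOCS


def pe_section_names(data: bytes) -> list:
    """Walk MZ -> e_lfanew -> PE signature -> COFF header -> section table; [] if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                                   # 20-byte COFF file header
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_hdr_size = struct.unpack_from("<H", data, coff + 16)[0]
    sect_table = coff + 20 + opt_hdr_size                 # 40 bytes per IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        off = sect_table + i * 40
        if off + 40 > len(data):
            break                                         # truncated table: stop, don't raise
        names.append(data[off:off + 8].rstrip(b"\0").decode("latin-1"))
    return names


def upx_indicators(data: bytes) -> dict:
    """Collect the two cheap UPX tells: UPX* section names and the 'UPX!' header magic."""
    names = pe_section_names(data)
    return {
        "section_names": names,
        "upx_sections": [n for n in names if n.upper().startswith("UPX")],
        "upx_magic": b"UPX!" in data,
    }


def is_upx_packed(data: bytes) -> bool:
    """Heuristic only: modified UPX builds often rename sections, so either tell is enough."""
    ind = upx_indicators(data)
    return bool(ind["upx_sections"]) or ind["upx_magic"]


def build_fake_pe(section_names) -> bytes:
    """Constructed test input: a header-only PE32 image with the given section names."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 0xE0                                       # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections


# Constructed samples, not the real payload: a UPX-shaped image and a plain one.
PACKED_SAMPLE = build_fake_pe(["UPX0", "UPX1", ".rsrc"]) + b"UPX!"
CLEAN_SAMPLE = build_fake_pe([".text", ".rdata", ".data"])

if __name__ == "__main__":
    for label, buf in (("packed", PACKED_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(label, matches_report(buf), upx_indicators(buf))
```

Run it against a real file with `is_upx_packed(open(path, "rb").read())`. Treat a hit as a prompt to unpack (or to check section entropy) rather than proof of malice, since the report's own signature covers legitimate UPX use as well.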

MITRE ATT&CK Enterprise v6

Tasks