Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    2caa3bcc4146290a87ecde0f5e9f04df6d8b74d914c8370ee65bfd418ed4d111

  • Size

    375KB

  • Sample

    220920-anpl5afcfk

  • MD5

    ba7434f836ba253b0d9f9f2b8a9ada73

  • SHA1

    a1a108123493de1cee00a72e0db158fae6c271f0

  • SHA256

    2caa3bcc4146290a87ecde0f5e9f04df6d8b74d914c8370ee65bfd418ed4d111

  • SHA512

    b5bafb7dcfdb1aff410a77ae233c12d9c57c3ad684684c52b29cb7e2f4ea6920a403ca5dfa69cc35f891b52c98828609b97c8ba6563c7a13971250fe2cc6ef78

  • SSDEEP

    6144:Tv5zQJVb5p72cHF1ybDFwekh212KhvwIb759QOaBjpaVRPu23E2rJmWjFc94:T4VOiF1WD7kE1dTYOi8V5u23zmWFy4

Score
10/10
gh0stratratupx

Malware Config

Targets

    • Target

      2caa3bcc4146290a87ecde0f5e9f04df6d8b74d914c8370ee65bfd418ed4d111

    • Size

      375KB

    • MD5

      ba7434f836ba253b0d9f9f2b8a9ada73

    • SHA1

      a1a108123493de1cee00a72e0db158fae6c271f0

    • SHA256

      2caa3bcc4146290a87ecde0f5e9f04df6d8b74d914c8370ee65bfd418ed4d111

    • SHA512

      b5bafb7dcfdb1aff410a77ae233c12d9c57c3ad684684c52b29cb7e2f4ea6920a403ca5dfa69cc35f891b52c98828609b97c8ba6563c7a13971250fe2cc6ef78

    • SSDEEP

      6144:Tv5zQJVb5p72cHF1ybDFwekh212KhvwIb759QOaBjpaVRPu23E2rJmWjFc94:T4VOiF1WD7kE1dTYOi8V5u23zmWFy4

    Score
    10/10
    gh0stratratupx

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks