Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    276d00d16fc468d0ed47c4bc51dd7184207b6f8f440255c8bc24b1a233ee9f8c

  • Size

    375KB

  • Sample

    220923-hag9wsddc4

  • MD5

    78c49abfd69723eced1ddd15f00eb718

  • SHA1

    991f106853722fa4e7d46e02cb61904004d5ff39

  • SHA256

    276d00d16fc468d0ed47c4bc51dd7184207b6f8f440255c8bc24b1a233ee9f8c

  • SHA512

    197e008e9d5fb10b67a42a52edd726cfe0c1e4385d82b6a12c3aa5c9d238017bec0d43a1ade4a8cc1594584e4a64715c08cadacc7f74dcaa82d58c3ed533e8f5

  • SSDEEP

    6144:Xv5zQJVb5p72cHF1ybDFwekh212KhvwIb759QOaBjpaVRPu23E2rJmWjFc94:X4VOiF1WD7kE1dTYOi8V5u23zmWFy4

Score
10/10
gh0stratratupx

Malware Config

Targets

    • Target

      276d00d16fc468d0ed47c4bc51dd7184207b6f8f440255c8bc24b1a233ee9f8c

    • Size

      375KB

    • MD5

      78c49abfd69723eced1ddd15f00eb718

    • SHA1

      991f106853722fa4e7d46e02cb61904004d5ff39

    • SHA256

      276d00d16fc468d0ed47c4bc51dd7184207b6f8f440255c8bc24b1a233ee9f8c

    • SHA512

      197e008e9d5fb10b67a42a52edd726cfe0c1e4385d82b6a12c3aa5c9d238017bec0d43a1ade4a8cc1594584e4a64715c08cadacc7f74dcaa82d58c3ed533e8f5

    • SSDEEP

      6144:Xv5zQJVb5p72cHF1ybDFwekh212KhvwIb759QOaBjpaVRPu23E2rJmWjFc94:X4VOiF1WD7kE1dTYOi8V5u23zmWFy4

    Score
    10/10
    gh0stratratupx

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks