General

  • Target

    e2fc896b4a3907b2681f0b299749259cb9c464e97172d45c2c836d589c3c51ff

  • Size

    375KB

  • Sample

    221010-teqbvacfgj

  • MD5

    fcddb426ede2c5c0096b79887e4d9d0a

  • SHA1

    75c267eaaf494292af6d1476a7f1a5d641c76697

  • SHA256

    e2fc896b4a3907b2681f0b299749259cb9c464e97172d45c2c836d589c3c51ff

  • SHA512

    2467193b57d2b338fd376c64083d4ca107f1a4f44756f96d4ec3daa809622b75e7f971f3363affa43eba2d08d5f307e6bf4b8361312af1482af1023484b1edc7

  • SSDEEP

    6144:Av5zQJVb5p72cHF1ybDFwekh212KhvwIb759QOaBjpaVRPu23E2rJmWjFc94:A4VOiF1WD7kE1dTYOi8V5u23zmWFy4

Score
10/10

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks