General

  • Target

    9ce4aff682a4faa9c09793f5a0f09db075786fe2d3098acf7553c62df22fa766

  • Size

    87KB

  • Sample

    221107-xrvzmsdce7

  • MD5

    1ac438d233f333474b959f8c0cb719af

  • SHA1

    9e64e2e4c3f295829a57810853a112b567209301

  • SHA256

    9ce4aff682a4faa9c09793f5a0f09db075786fe2d3098acf7553c62df22fa766

  • SHA512

    c5fb1dcf19be5dd5f1526b5a3572ae7fbd7efe63453cb7b5babd7d494d48b8c264d0c302658976a50b1b8d2f52874765631d6b9b64f5f1903bf674af81ca3990

  • SSDEEP

    1536:7UZggBc01k4Br4bk4OAsZ08PL4IBQF7EiMsf617xIatwIavbgoeaZ91x2uta:7UigBMRbBi/MGQF7EiMe6xZtqbgoeY9s

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

SecurityHealthSeurvice

C2

217.64.31.3:8437

Mutex

SecurityHealthSeurvice

Attributes
  • delay

    3

  • install

    false

  • install_file

    SecurityHealthSeurvice.exe

  • install_folder

    %AppData%

  • aes.plain

Targets

    • Target

      9ce4aff682a4faa9c09793f5a0f09db075786fe2d3098acf7553c62df22fa766

    • Size

      87KB

    • MD5

      1ac438d233f333474b959f8c0cb719af

    • SHA1

      9e64e2e4c3f295829a57810853a112b567209301

    • SHA256

      9ce4aff682a4faa9c09793f5a0f09db075786fe2d3098acf7553c62df22fa766

    • SHA512

      c5fb1dcf19be5dd5f1526b5a3572ae7fbd7efe63453cb7b5babd7d494d48b8c264d0c302658976a50b1b8d2f52874765631d6b9b64f5f1903bf674af81ca3990

    • SSDEEP

      1536:7UZggBc01k4Br4bk4OAsZ08PL4IBQF7EiMsf617xIatwIavbgoeaZ91x2uta:7UigBMRbBi/MGQF7EiMe6xZtqbgoeY9s

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
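The extracted configuration and the behaviour list above give a small set of host and network indicators: the C2 endpoint 217.64.31.3:8437, the install file SecurityHealthSeurvice.exe under %AppData%, and a Run key write. Note that the config reports install false while the sandbox still observed a Run key being added, so a detection should key on the observed behaviour as well as the config values. The following Python is an added example, not part of the sandbox report or of any AsyncRAT tooling: it matches those indicators against constructed Sysmon-style key=value log lines. The log format, field names (borrowed from Sysmon event IDs 3, 11 and 13) and every sample line are assumptions made for this example; the indicator strings are the report's own.

```python
import re

# Indicators copied from the report's extracted config and behaviour list.
C2_HOST = "217.64.31.3"
C2_PORT = "8437"
INSTALL_FILE = "SecurityHealthSeurvice.exe"   # spelling is the sample's own
MUTEX = "SecurityHealthSeurvice"              # same string; only visible in handle/memory scans

# %AppData% resolves to <profile>\AppData\Roaming on Windows Vista and later.
APPDATA_MARKER = "\\appdata\\roaming\\"
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)

# Assumed log format: one event per line, key=value pairs, quoted when the value
# contains spaces. Field names follow Sysmon (EventID 3 network connect,
# 11 file create, 13 registry value set). These lines are constructed, not captured.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

SAMPLE_LOGS = [
    r'EventID=3 Image=C:\Users\bob\AppData\Roaming\SecurityHealthSeurvice.exe DestinationIp=217.64.31.3 DestinationPort=8437',
    r'EventID=3 Image=C:\Program Files\Mozilla Firefox\firefox.exe DestinationIp=142.250.74.46 DestinationPort=443',
    r'EventID=13 Image=C:\Users\bob\AppData\Roaming\SecurityHealthSeurvice.exe TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\SecurityHealthSeurvice Details="C:\Users\bob\AppData\Roaming\SecurityHealthSeurvice.exe"',
    r'EventID=11 Image=C:\Windows\explorer.exe TargetFilename=C:\Users\bob\AppData\Roaming\SecurityHealthSeurvice.exe',
    r'EventID=1 Image=C:\Windows\System32\svchost.exe CommandLine="svchost.exe -k netsvcs"',
]


def parse_line(line):
    """Split a key=value line into a dict, dropping surrounding quotes."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def match_record(rec):
    """Return (rule, indicator) pairs that fire on one parsed event."""
    hits = []
    eid = rec.get("EventID")

    # Network: outbound connection to the configured C2 host and port.
    if eid == "3" and rec.get("DestinationIp") == C2_HOST and rec.get("DestinationPort") == C2_PORT:
        hits.append(("asyncrat_c2_connect", f"{C2_HOST}:{C2_PORT}"))

    # Persistence: any value written under a Run key (the report's T1060 finding).
    if eid == "13" and RUN_KEY_RE.search(rec.get("TargetObject", "")):
        hits.append(("run_key_persistence", "T1060"))

    # Install path: the configured install_file inside the expanded %AppData% folder,
    # whether it appears as the acting process, a created file, or a registry value.
    for key in ("Image", "TargetFilename", "Details"):
        path = rec.get(key, "").lower()
        if path.endswith(INSTALL_FILE.lower()) and APPDATA_MARKER in path:
            hits.append(("asyncrat_install_path", f"%AppData%\\{INSTALL_FILE}"))
            break
    return hits


def scan(lines):
    """Return [(line_index, hits)] for every line that triggers at least one rule."""
    out = []
    for i, line in enumerate(lines):
        hits = match_record(parse_line(line))
        if hits:
            out.append((i, hits))
    return out


if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_LOGS):
        print(idx, hits)
```

The C2 rule is the most reliable of the three on its own; the install-path and Run-key rules are written generically enough that they should be combined (same process image, short time window) before being treated as a confirmed hit, since legitimate software also writes to Run keys and drops executables under %AppData%. The mutex name is kept only for handle or memory scans, which Sysmon does not log.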

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                 Technique                            Count  ID
  Execution              Scheduled Task                       1      T1053
  Persistence            Registry Run Keys / Startup Folder   1      T1060
  Persistence            Scheduled Task                       1      T1053
  Privilege Escalation   Scheduled Task                       1      T1053
  Defense Evasion        Modify Registry                      1      T1112

Tasks