6ed222056c77a040d7efc411380ebc607a089181b11a126a11eefbc64b0b3e28 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

6ed222056c77a040d7efc411380ebc607a089181b11a126a11eefbc64b0b3e28
Size

2.6MB
Sample

221113-r3s2jabd28
MD5

b5d020046c84c4cc22ce979dce7b53bf
SHA1

a76f5ea5ab510492f4e322fece1e826c16955045
SHA256

6ed222056c77a040d7efc411380ebc607a089181b11a126a11eefbc64b0b3e28
SHA512

a834168b2e9475265b7f1b44d1606570119deaa0bd6bd5dbc36e9b7beb015393d03fecdad8e0fd15364c3fc004173f55a307e81623e651aab5c191fd3f929b2d
SSDEEP

49152:u+3fG3P8gy3i7wyLsdPPHMCsh8b1wvFCysv6uuCZxfllJjM3KL6hU0A7vO4GIdED:u+u0gy3McPHRsVkysNuAlM3+nvSIdED

Score

10^/10

discovery evasion exploit

Static task

static1

Behavioral task

behavioral1

Sample

6ed222056c77a040d7efc411380ebc607a089181b11a126a11eefbc64b0b3e28.exe

Resource

win10v2004-20220812-en

discovery evasion exploit

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  6ed222056c77a040d7efc411380ebc607a089181b11a126a11eefbc64b0b3e28
- Size
  
  2.6MB
- MD5
  
  b5d020046c84c4cc22ce979dce7b53bf
- SHA1
  
  a76f5ea5ab510492f4e322fece1e826c16955045
- SHA256
  
  6ed222056c77a040d7efc411380ebc607a089181b11a126a11eefbc64b0b3e28
- SHA512
  
  a834168b2e9475265b7f1b44d1606570119deaa0bd6bd5dbc36e9b7beb015393d03fecdad8e0fd15364c3fc004173f55a307e81623e651aab5c191fd3f929b2d
- SSDEEP
  
  49152:u+3fG3P8gy3i7wyLsdPPHMCsh8b1wvFCysv6uuCZxfllJjM3KL6hU0A7vO4GIdED:u+u0gy3McPHRsVkysNuAlM3+nvSIdED
Score

10^/10

discovery evasion exploit
- Modifies security service
  evasion
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies file permissions
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Impair Defenses

File Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Service Stop

Tasks

static1

behavioral1

discoveryevasionexploit

© 2018-2024

Terms | Privacy