Overview

overview

8

Static

static

dridex

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8bd8aad6f37edcc57c1b6910b13dd46674b3550a9e26ff549bff7c379c4b20f0

  • Size

    655KB

  • Sample

    221123-kj93dace9t

  • MD5

    2ad02c3e1cb7a5fbbe3d14338d5d5e03

  • SHA1

    e7e5b3996502beae37d681766e58063773b1c385

  • SHA256

    8bd8aad6f37edcc57c1b6910b13dd46674b3550a9e26ff549bff7c379c4b20f0

  • SHA512

    19fb2ed1d6f811ad54558453385625614a378aa5cd2dbe464b648abc444d15f3758c74e8301e935b114a105259fe7df2fcc6a8a500e90b14a3f157ef49551c16

  • SSDEEP

    12288:d4o51BciOj8M4CvPn6QGny7uCc5xo5qEE:ptvMVvPHmc3y

Score
8/10
persistencevmprotect

Malware Config

Targets

    • Target

      8bd8aad6f37edcc57c1b6910b13dd46674b3550a9e26ff549bff7c379c4b20f0

    • Size

      655KB

    • MD5

      2ad02c3e1cb7a5fbbe3d14338d5d5e03

    • SHA1

      e7e5b3996502beae37d681766e58063773b1c385

    • SHA256

      8bd8aad6f37edcc57c1b6910b13dd46674b3550a9e26ff549bff7c379c4b20f0

    • SHA512

      19fb2ed1d6f811ad54558453385625614a378aa5cd2dbe464b648abc444d15f3758c74e8301e935b114a105259fe7df2fcc6a8a500e90b14a3f157ef49551c16

    • SSDEEP

      12288:d4o51BciOj8M4CvPn6QGny7uCc5xo5qEE:ptvMVvPHmc3y

    Score
    8/10
    persistencevmprotect

    • Downloads MZ/PE file

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks