Overview

overview

8

Static

static

dridex

windows10-1703-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e3ed9ecec6769ab3d69b37f8b7f95e0ae67c02d8fb97ca041423023fd0fb4add

  • Size

    403KB

  • Sample

    221125-hwl5zadd3y

  • MD5

    3628c057a4cc96c7415df4dd6cb31b59

  • SHA1

    cca8659c2f66df451aaf300035d3c67f425fdaea

  • SHA256

    e3ed9ecec6769ab3d69b37f8b7f95e0ae67c02d8fb97ca041423023fd0fb4add

  • SHA512

    111fcf349d9ee22f2d77b48182964cb8c0615f0ab00d17addefc84a7caeb2569168b22b6dbebf12dcf503c8a9b7bec7ef4decc3d4fae7317448cb5f0f00b4b5f

  • SSDEEP

    6144:lw0pDStj6LZ+HHHhnnKsqNySq73cvXOwDEvmQnUO6M0KyfIzopVWCp4QJeARuddo:l7Voj8vqzbvqKnc8se2kBPW

Score
8/10
persistencevmprotect

Malware Config

Targets

    • Target

      e3ed9ecec6769ab3d69b37f8b7f95e0ae67c02d8fb97ca041423023fd0fb4add

    • Size

      403KB

    • MD5

      3628c057a4cc96c7415df4dd6cb31b59

    • SHA1

      cca8659c2f66df451aaf300035d3c67f425fdaea

    • SHA256

      e3ed9ecec6769ab3d69b37f8b7f95e0ae67c02d8fb97ca041423023fd0fb4add

    • SHA512

      111fcf349d9ee22f2d77b48182964cb8c0615f0ab00d17addefc84a7caeb2569168b22b6dbebf12dcf503c8a9b7bec7ef4decc3d4fae7317448cb5f0f00b4b5f

    • SSDEEP

      6144:lw0pDStj6LZ+HHHhnnKsqNySq73cvXOwDEvmQnUO6M0KyfIzopVWCp4QJeARuddo:l7Voj8vqzbvqKnc8se2kBPW

    Score
    8/10
    persistencevmprotect

    • Downloads MZ/PE file

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks