fb17777e718f2adc03db114f451282de316f96eba97841c8dff06614fbc4e254 | Triage

Submit
Reports

Overview

overview

8

Static

static

dridex

windows10-1703-x64

8

Sharing

General

Target

fb17777e718f2adc03db114f451282de316f96eba97841c8dff06614fbc4e254
Size

976KB
Sample

221126-lh1yrabc9w
MD5

5a8a97f16321051d1c313b284c798bdb
SHA1

73aa1fb21ad3f7baeac25b00927d2b9c7fdb35a9
SHA256

fb17777e718f2adc03db114f451282de316f96eba97841c8dff06614fbc4e254
SHA512

f33203a3ebaa65d56318ff2266f5e36819d2148a16c4cba4d47ee4a1576d800837acafc06c293dde45985c37b3acc0ad11a7e86c679b88681bb609327db2bde7
SSDEEP

12288:yjDOET/hM0s51zHivMS++WBPKIxbxRoh2stp24In9L+00e/IZwO8dwGxxaWcuJdc:IDOENMZcMhK8tRobe/8CdHxa7uJUp7

Score

8^/10

collection discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

fb17777e718f2adc03db114f451282de316f96eba97841c8dff06614fbc4e254.exe

Resource

win10-20220812-en

collection discovery persistence spyware stealer

windows10-1703-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  fb17777e718f2adc03db114f451282de316f96eba97841c8dff06614fbc4e254
- Size
  
  976KB
- MD5
  
  5a8a97f16321051d1c313b284c798bdb
- SHA1
  
  73aa1fb21ad3f7baeac25b00927d2b9c7fdb35a9
- SHA256
  
  fb17777e718f2adc03db114f451282de316f96eba97841c8dff06614fbc4e254
- SHA512
  
  f33203a3ebaa65d56318ff2266f5e36819d2148a16c4cba4d47ee4a1576d800837acafc06c293dde45985c37b3acc0ad11a7e86c679b88681bb609327db2bde7
- SSDEEP
  
  12288:yjDOET/hM0s51zHivMS++WBPKIxbxRoh2stp24In9L+00e/IZwO8dwGxxaWcuJdc:IDOENMZcMhK8tRobe/8CdHxa7uJUp7
Score

8^/10

collection discovery persistence spyware stealer
- Blocklisted process makes network request
- Sets DLL path for service in the registry
  persistence
- Sets service image path in registry
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

collectiondiscoverypersistencespywarestealer

© 2018-2024

Terms | Privacy