Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    16c2fcaa5e005e11b6d8d31ed19e33dd7038290c4544e0dd2c3f61e9980350f7

  • Size

    6KB

  • Sample

    221217-h8elnagc79

  • MD5

    6a244b5702240177bfb14ea0acf83766

  • SHA1

    e6a432e8c6a4eeb939324871c665fe0f87a5a9ab

  • SHA256

    16c2fcaa5e005e11b6d8d31ed19e33dd7038290c4544e0dd2c3f61e9980350f7

  • SHA512

    18b5f212affedf093fb745718f62cf49840749c6044952aa0553e81058f98a2c894f0b58911196826118564936a429aeec65a0ca6f1650f8915b0457fc16d0b6

  • SSDEEP

    96:Q79rLL1bhycG8W2mO8YKNXJnk538t/8nBRt9Tgd3oj9mrl:29rLL1bhych87NXJnu38t/8nHEdA2

Score
10/10
asyncratwindowsdefendersmarttscreenpersistencerat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

WindowsDefenderSmarttScreen

C2

217.64.31.3:9742

Mutex

WindowsDefenderSmarttScreen

Attributes
  • delay

    1

  • install

    false

  • install_file

    WindowsDefenderSmarttScreen.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      16c2fcaa5e005e11b6d8d31ed19e33dd7038290c4544e0dd2c3f61e9980350f7

    • Size

      6KB

    • MD5

      6a244b5702240177bfb14ea0acf83766

    • SHA1

      e6a432e8c6a4eeb939324871c665fe0f87a5a9ab

    • SHA256

      16c2fcaa5e005e11b6d8d31ed19e33dd7038290c4544e0dd2c3f61e9980350f7

    • SHA512

      18b5f212affedf093fb745718f62cf49840749c6044952aa0553e81058f98a2c894f0b58911196826118564936a429aeec65a0ca6f1650f8915b0457fc16d0b6

    • SSDEEP

      96:Q79rLL1bhycG8W2mO8YKNXJnk538t/8nBRt9Tgd3oj9mrl:29rLL1bhych87NXJnu38t/8nHEdA2

    Score
    10/10
    asyncratwindowsdefendersmarttscreenpersistencerat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks