Overview

overview

9

Static

static

1

dridex

windows10-1703-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    dcc3e7ebf734b3537bc1dfcbdd473825722db62f31861b842eb44efad889c1b9

  • Size

    3.4MB

  • Sample

    230319-e8cwaaha3v

  • MD5

    2c02c404adc9deb62f0f9fe8f893ad5e

  • SHA1

    2735029edd0d29c433b20c0ef91b043241a9a054

  • SHA256

    dcc3e7ebf734b3537bc1dfcbdd473825722db62f31861b842eb44efad889c1b9

  • SHA512

    cfa047a9888cc0bd297d5b10d19fc08c79e8349722890289d29c143187eff03a7271d17a123df4cbe701521b4f55e139d3c08c15d041c4a8dfdbd170db17f37b

  • SSDEEP

    49152:jr1c7Kvf8e9HTgXHXayMSTQ5c1ztH9rDDQvOJRg05T0Oa/rm2ho8IucxzrurVloz:oKvfd94XayMT5sH9M0aS8o9uWyUhHy+

Score
9/10
discoveryevasiontrojanupx

Malware Config

Targets

    • Target

      dcc3e7ebf734b3537bc1dfcbdd473825722db62f31861b842eb44efad889c1b9

    • Size

      3.4MB

    • MD5

      2c02c404adc9deb62f0f9fe8f893ad5e

    • SHA1

      2735029edd0d29c433b20c0ef91b043241a9a054

    • SHA256

      dcc3e7ebf734b3537bc1dfcbdd473825722db62f31861b842eb44efad889c1b9

    • SHA512

      cfa047a9888cc0bd297d5b10d19fc08c79e8349722890289d29c143187eff03a7271d17a123df4cbe701521b4f55e139d3c08c15d041c4a8dfdbd170db17f37b

    • SSDEEP

      49152:jr1c7Kvf8e9HTgXHXayMSTQ5c1ztH9rDDQvOJRg05T0Oa/rm2ho8IucxzrurVloz:oKvfd94XayMT5sH9M0aS8o9uWyUhHy+

    Score
    9/10
    discoveryevasiontrojanupx

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Modifies file permissions

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks