Overview

overview

9

Static

static

1

dridex

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5a4dc2a85ba885d25ffe1ac296c79e7318caa86c0f2c189032c2504372b10864

  • Size

    3.4MB

  • Sample

    230321-q3aphscg8t

  • MD5

    a8d8c6cb8b9729374a464ad10af8788f

  • SHA1

    6b7e32b226233166b5e176c4d4bc1d43ac8f4945

  • SHA256

    5a4dc2a85ba885d25ffe1ac296c79e7318caa86c0f2c189032c2504372b10864

  • SHA512

    9ff32d0aa08104b0c80385a66901bea2e0aadb3aebb36f86867283fd20d21d4753179020cf1a574b88a884d3791583300e0dbfd6fc73b378e39884898219cf42

  • SSDEEP

    98304:EB/hPovhl+YHt0DJSZtAzc/K9gMus7RfRwUIq8DuznQ6:EzQm6EJzxl7RJwk8DuznQ6

Score
9/10
discoveryevasiontrojanupx

Malware Config

Targets

    • Target

      5a4dc2a85ba885d25ffe1ac296c79e7318caa86c0f2c189032c2504372b10864

    • Size

      3.4MB

    • MD5

      a8d8c6cb8b9729374a464ad10af8788f

    • SHA1

      6b7e32b226233166b5e176c4d4bc1d43ac8f4945

    • SHA256

      5a4dc2a85ba885d25ffe1ac296c79e7318caa86c0f2c189032c2504372b10864

    • SHA512

      9ff32d0aa08104b0c80385a66901bea2e0aadb3aebb36f86867283fd20d21d4753179020cf1a574b88a884d3791583300e0dbfd6fc73b378e39884898219cf42

    • SSDEEP

      98304:EB/hPovhl+YHt0DJSZtAzc/K9gMus7RfRwUIq8DuznQ6:EzQm6EJzxl7RJwk8DuznQ6

    Score
    9/10
    discoveryevasiontrojanupx

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Modifies file permissions

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks