2ea5f6e04f91a09e233ade31fed3b3c87702a5a5c11e7c01cc569348e8ebaafd | Triage

Submit
Reports

Overview

overview

9

Static

static

1

dridex

windows10-1703-x64

9

Sharing

General

Target

2ea5f6e04f91a09e233ade31fed3b3c87702a5a5c11e7c01cc569348e8ebaafd
Size

3.4MB
Sample

230327-26ba1ahf8t
MD5

08899c2e8bf3307f7e7b9a04034084fa
SHA1

9b7e679eadb12fb51e73adac88cc3dae66eb366f
SHA256

2ea5f6e04f91a09e233ade31fed3b3c87702a5a5c11e7c01cc569348e8ebaafd
SHA512

d373f3ff3862a286c1afb41acb1febacef7e26161e6f113f0600c013dd8466c4a1a4931072654479b9a8d13f1aa384851e8657a0c75b9037dde70b56489bc9a8
SSDEEP

98304:cJuR21C/yIq/dhl/O4i/TksjdFwvhzjMSwRVu:c8D/yIqlhlW4i/QsnwZzjMSeVu

Score

9^/10

discovery evasion trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

2ea5f6e04f91a09e233ade31fed3b3c87702a5a5c11e7c01cc569348e8ebaafd.exe

Resource

win10-20230220-en

discovery evasion trojan upx

windows10-1703-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  2ea5f6e04f91a09e233ade31fed3b3c87702a5a5c11e7c01cc569348e8ebaafd
- Size
  
  3.4MB
- MD5
  
  08899c2e8bf3307f7e7b9a04034084fa
- SHA1
  
  9b7e679eadb12fb51e73adac88cc3dae66eb366f
- SHA256
  
  2ea5f6e04f91a09e233ade31fed3b3c87702a5a5c11e7c01cc569348e8ebaafd
- SHA512
  
  d373f3ff3862a286c1afb41acb1febacef7e26161e6f113f0600c013dd8466c4a1a4931072654479b9a8d13f1aa384851e8657a0c75b9037dde70b56489bc9a8
- SSDEEP
  
  98304:cJuR21C/yIq/dhl/O4i/TksjdFwvhzjMSwRVu:c8D/yIqlhlW4i/QsnwZzjMSeVu
Score

9^/10

discovery evasion trojan upx
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Modifies file permissions
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Virtualization/Sandbox Evasion

File Permissions Modification

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryevasiontrojanupx

© 2018-2024

Terms | Privacy