ee877647d23c835b4482efeb78b33e723b6e934c49f08875edb0b2f917714d62 | Triage

Submit
Reports

Overview

overview

9

Static

static

1

dridex

windows10-1703-x64

9

Sharing

Copy URL Twitter E-mail

General

Target

ee877647d23c835b4482efeb78b33e723b6e934c49f08875edb0b2f917714d62
Size

3.4MB
Sample

230327-p39m6sde28
MD5

85f23efac59a342c83a599b27c7955c9
SHA1

832dbad4bfadd9f3fffed538ac878b7cb7e3261e
SHA256

ee877647d23c835b4482efeb78b33e723b6e934c49f08875edb0b2f917714d62
SHA512

dbc79fb13564ee76a9c6330da4e402998f0de0d28b84fb40766cb0023a0976b1a37bce04793f536f8c7d142b69d2a8459bae11cb2f284588206ba3bf9d2c8548
SSDEEP

49152:MfIGEciXT1SMTEGUlayCd1XlOrUcwFY92eg6zBCYUFQumEeBAoCuYXMYo3js:LcmEZlaPfUwbYIelzBLU3vqCRs

Score

9^/10

discovery evasion trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

ee877647d23c835b4482efeb78b33e723b6e934c49f08875edb0b2f917714d62.exe

Resource

win10-20230220-en

discovery evasion trojan upx

windows10-1703-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  ee877647d23c835b4482efeb78b33e723b6e934c49f08875edb0b2f917714d62
- Size
  
  3.4MB
- MD5
  
  85f23efac59a342c83a599b27c7955c9
- SHA1
  
  832dbad4bfadd9f3fffed538ac878b7cb7e3261e
- SHA256
  
  ee877647d23c835b4482efeb78b33e723b6e934c49f08875edb0b2f917714d62
- SHA512
  
  dbc79fb13564ee76a9c6330da4e402998f0de0d28b84fb40766cb0023a0976b1a37bce04793f536f8c7d142b69d2a8459bae11cb2f284588206ba3bf9d2c8548
- SSDEEP
  
  49152:MfIGEciXT1SMTEGUlayCd1XlOrUcwFY92eg6zBCYUFQumEeBAoCuYXMYo3js:LcmEZlaPfUwbYIelzBLU3vqCRs
Score

9^/10

discovery evasion trojan upx
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Modifies file permissions
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

File and Directory Permissions Modification

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasiontrojanupx

© 2018-2025

Terms | Privacy