36e377a0a7999f24ce2110311847d4c35fb43c39c8939fa218aaf06427315dba | Triage

Submit
Reports

Overview

overview

9

Static

static

1

dridex

windows10-1703-x64

9

Sharing

General

Target

36e377a0a7999f24ce2110311847d4c35fb43c39c8939fa218aaf06427315dba
Size

3.5MB
Sample

230329-w2xesahd59
MD5

f73ff75729d6b75e6471e831de9da26c
SHA1

d2ad907db9be23213a56841811bf3fdd40167e14
SHA256

36e377a0a7999f24ce2110311847d4c35fb43c39c8939fa218aaf06427315dba
SHA512

3fa2b19407fa423937a14777e50473f5783eeaafe901ac89525dcff84b2bbd076cbfa25bc5d8a0788520eee1ddfc439ce5a3b11828a55f49a3bd00c5028fac03
SSDEEP

49152:lkygYIBuLxcnsis7wVFEIRmQJcCT7KZLDMGLRwHyp9lcOP7UuziMddsruFXKQnLw:aYdxcnsEcI4QJhOOHyuM4u+UdJAqERL

Score

9^/10

discovery evasion trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

36e377a0a7999f24ce2110311847d4c35fb43c39c8939fa218aaf06427315dba.exe

Resource

win10-20230220-en

discovery evasion trojan upx

windows10-1703-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  36e377a0a7999f24ce2110311847d4c35fb43c39c8939fa218aaf06427315dba
- Size
  
  3.5MB
- MD5
  
  f73ff75729d6b75e6471e831de9da26c
- SHA1
  
  d2ad907db9be23213a56841811bf3fdd40167e14
- SHA256
  
  36e377a0a7999f24ce2110311847d4c35fb43c39c8939fa218aaf06427315dba
- SHA512
  
  3fa2b19407fa423937a14777e50473f5783eeaafe901ac89525dcff84b2bbd076cbfa25bc5d8a0788520eee1ddfc439ce5a3b11828a55f49a3bd00c5028fac03
- SSDEEP
  
  49152:lkygYIBuLxcnsis7wVFEIRmQJcCT7KZLDMGLRwHyp9lcOP7UuziMddsruFXKQnLw:aYdxcnsEcI4QJhOOHyuM4u+UdJAqERL
Score

9^/10

discovery evasion trojan upx
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Modifies file permissions
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

File and Directory Permissions Modification

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasiontrojanupx

© 2018-2025

Terms | Privacy