b7c5eef6c5e9dd1af0cfe0e201f9d52f77f2df1ca2af487f60fa77ab03272ac6 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

b7c5eef6c5e9dd1af0cfe0e201f9d52f77f2df1ca2af487f60fa77ab03272ac6
Size

1.0MB
Sample

230421-d5kw2sdh68
MD5

1d1c1ba5e448a21d7aa7ce71221fa3de
SHA1

a3ccb891b97aa22c29fe7547eadfcf1b69e5c5c2
SHA256

b7c5eef6c5e9dd1af0cfe0e201f9d52f77f2df1ca2af487f60fa77ab03272ac6
SHA512

d6c839ab985dab68ac1ea1ac8ad52561ca606621ccf6c1063ffb30605e64c58d985324c0b6563e1a55ddf9317623b9948b1d2ce04159b824ffdd433a4276126f
SSDEEP

24576:HyV7C2a4dVFM0qPA40Uxlovm2+5zPnw6ihKQFN/:SVG2auHnqPgUc9+5zPJ6KAN

Score

10^/10

discovery evasion persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

b7c5eef6c5e9dd1af0cfe0e201f9d52f77f2df1ca2af487f60fa77ab03272ac6.exe

Resource

win10v2004-20230220-en

discovery evasion persistence spyware stealer trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  b7c5eef6c5e9dd1af0cfe0e201f9d52f77f2df1ca2af487f60fa77ab03272ac6
- Size
  
  1.0MB
- MD5
  
  1d1c1ba5e448a21d7aa7ce71221fa3de
- SHA1
  
  a3ccb891b97aa22c29fe7547eadfcf1b69e5c5c2
- SHA256
  
  b7c5eef6c5e9dd1af0cfe0e201f9d52f77f2df1ca2af487f60fa77ab03272ac6
- SHA512
  
  d6c839ab985dab68ac1ea1ac8ad52561ca606621ccf6c1063ffb30605e64c58d985324c0b6563e1a55ddf9317623b9948b1d2ce04159b824ffdd433a4276126f
- SSDEEP
  
  24576:HyV7C2a4dVFM0qPA40Uxlovm2+5zPnw6ihKQFN/:SVG2auHnqPgUc9+5zPJ6KAN
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan

© 2018-2025

Terms | Privacy