565dd3480c46a027b68f9fecebd01c3656c5f852935b128a0242328708ebdc9f | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

dridex

windows10-2004-x64

Sharing

General

Target

565dd3480c46a027b68f9fecebd01c3656c5f852935b128a0242328708ebdc9f
Size

480KB
Sample

230505-l5zzzabc7z
MD5

c83ea285205896d468025ab6e0b1b3d0
SHA1

42cb1211da1973b6ab020c99a2604629a4a345d7
SHA256

565dd3480c46a027b68f9fecebd01c3656c5f852935b128a0242328708ebdc9f
SHA512

c127c8db468a49efef812a518f0d4801a031b6659f0183f4405b422ced6114095cdee65a679aeda3a96aab14d87739828d6831e57717e1358697a93d0037c5a2
SSDEEP

12288:wMruy90ivQdSKqJvMixh6vsPthdNp9IK7QcEpy5S:OyVvILqJ9xhsYPdDSK7Ds/

Score

10^/10

discovery evasion persistence spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

565dd3480c46a027b68f9fecebd01c3656c5f852935b128a0242328708ebdc9f.exe

Resource

win10v2004-20230220-en

discovery evasion persistence spyware stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  565dd3480c46a027b68f9fecebd01c3656c5f852935b128a0242328708ebdc9f
- Size
  
  480KB
- MD5
  
  c83ea285205896d468025ab6e0b1b3d0
- SHA1
  
  42cb1211da1973b6ab020c99a2604629a4a345d7
- SHA256
  
  565dd3480c46a027b68f9fecebd01c3656c5f852935b128a0242328708ebdc9f
- SHA512
  
  c127c8db468a49efef812a518f0d4801a031b6659f0183f4405b422ced6114095cdee65a679aeda3a96aab14d87739828d6831e57717e1358697a93d0037c5a2
- SSDEEP
  
  12288:wMruy90ivQdSKqJvMixh6vsPthdNp9IK7QcEpy5S:OyVvILqJ9xhsYPdDSK7Ds/
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan

© 2018-2025

Terms | Privacy