General

  • Target

    78a2f84f683c6764f5efe5e083b538e944cdb645b2a0ed9ec968644f59aa460b

  • Size

    169KB

  • Sample

    230522-y7e4ssdc4z

  • MD5

    e2ca6f8e77cbaa4a7adf56242880a30c

  • SHA1

    3e97fefef460224557d2ef8671a66b82dd63d021

  • SHA256

    78a2f84f683c6764f5efe5e083b538e944cdb645b2a0ed9ec968644f59aa460b

  • SHA512

    5de2d73a8c97c78576b9d91772fe43c88cbff27fe640ef650d85ba3c98ceefb873ccb62bafa7c1fe088eb902963882c12fd6c4625160f693a2290448619a803b

  • SSDEEP

    1536:/6TizBVEjB1904v70xbWlMjUUdIDfY+pn72VmUl4tIk6o9NbWNEqp01Zhi6Tiz:/6mzBjGKbS0cfPp25wNF71Zhi6mz

Malware Config

Targets

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Downloads MZ/PE file

    • Modifies Windows Firewall

    • Sets DLL path for service in the registry

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and similar tools.

    • Allows Network login with blank passwords

      Allows local user accounts with blank passwords to access the device from the network.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar data.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified version of it.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Modifies WinLogon

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks