Overview

overview

10

Static

static

7

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    81f4e0d6a70f14c3e07241196bd7f5318e302c28c64ca4bb876f4e25fbc3e5d2

  • Size

    3.0MB

  • Sample

    230808-ljcybabf85

  • MD5

    608638750dcc078dbd10555303bcce9f

  • SHA1

    29cf6801805f4b3b643aefda8e3f0a71d041f37e

  • SHA256

    81f4e0d6a70f14c3e07241196bd7f5318e302c28c64ca4bb876f4e25fbc3e5d2

  • SHA512

    333d763d6008ae56c9c2383bff20443ebbbdeca525a62b4e3b7e1acebe260f36e0d806a43f4ea8781c1600707c8bb700760771ca2e9f3c10e2af987141227c58

  • SSDEEP

    49152:f8Owzrpem9UT6eAW6weX5Ktxyr/FJp8dQsJYMYMqu/oYwpXgsFOeRsbBhEg+BHyx:TwzrACbfW695Sg/FgdQsJYMY9u/o/pX

Score
10/10
sectopratratspywarestealerthemidatrojan

Malware Config

Targets

    • Target

      81f4e0d6a70f14c3e07241196bd7f5318e302c28c64ca4bb876f4e25fbc3e5d2

    • Size

      3.0MB

    • MD5

      608638750dcc078dbd10555303bcce9f

    • SHA1

      29cf6801805f4b3b643aefda8e3f0a71d041f37e

    • SHA256

      81f4e0d6a70f14c3e07241196bd7f5318e302c28c64ca4bb876f4e25fbc3e5d2

    • SHA512

      333d763d6008ae56c9c2383bff20443ebbbdeca525a62b4e3b7e1acebe260f36e0d806a43f4ea8781c1600707c8bb700760771ca2e9f3c10e2af987141227c58

    • SSDEEP

      49152:f8Owzrpem9UT6eAW6weX5Ktxyr/FJp8dQsJYMYMqu/oYwpXgsFOeRsbBhEg+BHyx:TwzrACbfW695Sg/FgdQsJYMY9u/o/pX

    Score
    10/10
    sectopratratspywarestealerthemidatrojan

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks