Overview

overview

10

Static

static

1

Dr1v3r.7z

windows7-x64

3

Dr1v3r.reg

windows7-x64

10

Resubmissions

16/10/2023, 18:23

231016-w1yapaed61 10

Sharing

Copy URL Twitter E-mail

General

  • Target

    Dr1v3r.7z

  • Size

    5.9MB

  • Sample

    231016-w1yapaed61

  • MD5

    d82ece434c67bb2fbbda397ac61bfc14

  • SHA1

    c7d9ab9437b56dff167e5dccbf324a5f28a5c35d

  • SHA256

    9281a5e014f82cbbaba57fd27a0eaaff9a81ec282105499d297cf0f79fb434b2

  • SHA512

    11e8157db0beea2e317d74800d1f31348be38ce2159b62ebfe0c77844c43f14a58697645cf535c0198fc31833229794283246e63aa56179f9dddd832eddcb24f

  • SSDEEP

    98304:jXCPvDLDq/dTGL4WvaS8x0FJdsrKmJZOCZW+4Pg1hIv/lsFJs0j4X8ePvkzEg7:TCPbnq/hL4H8ApFCZfjs/I42Qg7

Score
10/10
adwareevasionpersistencestealertrojan

Malware Config

Targets

    • Target

      Dr1v3r.7z

    • Size

      5.9MB

    • MD5

      d82ece434c67bb2fbbda397ac61bfc14

    • SHA1

      c7d9ab9437b56dff167e5dccbf324a5f28a5c35d

    • SHA256

      9281a5e014f82cbbaba57fd27a0eaaff9a81ec282105499d297cf0f79fb434b2

    • SHA512

      11e8157db0beea2e317d74800d1f31348be38ce2159b62ebfe0c77844c43f14a58697645cf535c0198fc31833229794283246e63aa56179f9dddd832eddcb24f

    • SSDEEP

      98304:jXCPvDLDq/dTGL4WvaS8x0FJdsrKmJZOCZW+4Pg1hIv/lsFJs0j4X8ePvkzEg7:TCPbnq/hL4H8ApFCZfjs/I42Qg7

    Score
    3/10
    behavioral1

    • Target

      Dr1v3r.reg

    • Size

      221.4MB

    • MD5

      77c8dfe85df5051c324ce2c38b1da899

    • SHA1

      38162fa8f1e00caf881ae768ea16a70224972c23

    • SHA256

      02fa2f68991f644c88a3938e6232d59f940234a895b3c4d6ed8ab6ae9bd95029

    • SHA512

      6550a49234229c403d17410af54d3deaa479d29398ef84b09f78878abb244e77123fb55418d7cf9419a25b5244f7a1169f32369ee2e61419c1f1b429c080d4d4

    • SSDEEP

      49152:P0FkhwPaILsQEK+qteewwh6LljbmI0UWzeZRu+bLymppKvg5FD3Rhw5QUpQP:P

    Score
    10/10
    adwareevasionpersistencestealertrojan

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • UAC bypass

      evasiontrojan

    • Modifies Installed Components in the registry

      persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Modifies system executable filetype association

      persistence

    • Registers COM server for autorun

      persistence

    • Adds Run key to start application

      persistence

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware
    behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

4
T1547

Registry Run Keys / Startup Folder

4
T1547.001

Browser Extensions

1
T1176

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Boot or Logon Autostart Execution

4
T1547

Registry Run Keys / Startup Folder

4
T1547.001

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Impair Defenses

1
T1562

Disable or Modify Tools

1
T1562.001

Modify Registry

9
T1112

Credential Access

Discovery

Query Registry

4
T1012

System Information Discovery

4
T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks