General

  • Target

    3c193974cba2761aff38a848a4e9f31b5c8fcdff40595c8db24be95af7af6f7a

  • Size

    5.8MB

  • Sample

    231127-j49fxafc5t

  • MD5

    f638388e90b248c8289fe001cd81c259

  • SHA1

    974e3496f915fa1ecc8dcaf97faaf3c9c3da099a

  • SHA256

    3c193974cba2761aff38a848a4e9f31b5c8fcdff40595c8db24be95af7af6f7a

  • SHA512

    1aa39336199b5362818cfc4a59e8bf0c957bd30b66b420af3593fa36d02e49571dd35c74ea92dabd14599ae7324e4ccfdb04f9b5ad4effec1e079c893d75cf2d

  • SSDEEP

    98304:rUnbzxgNgqVpbTYVgZoj47MZ5FV0ZIvY4mQj1zvJmCwz6GFqknoYv6bBDF1c7jdN:rUnbtgNvpbXZ778hsIvY6j1cfuGFqiou

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks