drokbk | 29dc4cae5f08c215d57893483b5b42cb00a2d0e7d8361cda9feeaf515f8b5d9e | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

29dc4cae5f...9e.exe

windows7-x64

29dc4cae5f...9e.exe

windows10-2004-x64

Sharing

General

Target

29dc4cae5f08c215d57893483b5b42cb00a2d0e7d8361cda9feeaf515f8b5d9e
Size

22KB
Sample

240410-l37l2abg25
MD5

8c8e184c280db126e6fcfcc507aea925
SHA1

aefab35127292cbe0e1d8a1a2fa7c39c9d72f2ea
SHA256

29dc4cae5f08c215d57893483b5b42cb00a2d0e7d8361cda9feeaf515f8b5d9e
SHA512

eef639853fb52b011fb73dfb3af663d1a2bb11e10fe14c6fc4fbae320ee60d74fb452bbe9af4959930e616025ce213e61614147ea5ee5de466b682c42ac312f2
SSDEEP

384:We4xxecfPta20La2aaX3jcMq+jsT3N/a20TPhAPhknomo7ptYcFwVc03K:We4ec/2IT3+howcltYcFwVc6K

Score

10^/10

drokbk backdoor dropper persistence

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

29dc4cae5f08c215d57893483b5b42cb00a2d0e7d8361cda9feeaf515f8b5d9e.exe

Resource

win7-20240319-en

drokbk backdoor dropper persistence

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

29dc4cae5f08c215d57893483b5b42cb00a2d0e7d8361cda9feeaf515f8b5d9e.exe

Resource

win10v2004-20240226-en

drokbk backdoor dropper persistence

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  29dc4cae5f08c215d57893483b5b42cb00a2d0e7d8361cda9feeaf515f8b5d9e
- Size
  
  22KB
- MD5
  
  8c8e184c280db126e6fcfcc507aea925
- SHA1
  
  aefab35127292cbe0e1d8a1a2fa7c39c9d72f2ea
- SHA256
  
  29dc4cae5f08c215d57893483b5b42cb00a2d0e7d8361cda9feeaf515f8b5d9e
- SHA512
  
  eef639853fb52b011fb73dfb3af663d1a2bb11e10fe14c6fc4fbae320ee60d74fb452bbe9af4959930e616025ce213e61614147ea5ee5de466b682c42ac312f2
- SSDEEP
  
  384:We4xxecfPta20La2aaX3jcMq+jsT3N/a20TPhAPhknomo7ptYcFwVc03K:We4ec/2IT3+howcltYcFwVc6K
Score

10^/10

drokbk backdoor dropper persistence
- Drokbk
  Drokbk is a custom .NET dropper and backdoor.
  dropper backdoor drokbk
- Drokbk payload
- Creates new service(s)
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

drokbkbackdoordropperpersistence

behavioral2

drokbkbackdoordropperpersistence

© 2018-2025

Terms | Privacy