dridex | 7629b2e44020de99d74665b6afb0877f1f9b192714302eff3a6b38f61f2d79f2 | Triage

Submit
Reports

Overview

overview

Static

static

cooperjcw.exe

windows7_x64

cooperjcw.exe

windows10_x64

Resubmissions

06-08-2020 16:19

200806-kxq8wh7s8j 10

14-07-2020 14:41

200714-djzz6adke6 1

Sharing

General

Target

cooperjcw.exe
Size

212KB
Sample

200806-kxq8wh7s8j
MD5

c654b38c47cc16248ae712947d6dd4aa
SHA1

f9612831c0a09fd497472a61a32430c981bdee97
SHA256

7629b2e44020de99d74665b6afb0877f1f9b192714302eff3a6b38f61f2d79f2
SHA512

47b6e10d795d01cf28f067e737a7ae43fad8a6b8195cae1ad04aa6104e2a1af1ccc813d2861155d865a9c4b713b32463e2cec737d77398fa7ae1f1a517f44c01

Score

10^/10

dridex 40400 botnet loader

Static task

static1

Behavioral task

behavioral1

Sample

cooperjcw.exe

Resource

win7

dridex 40400 botnet loader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

cooperjcw.exe

Resource

win10v200722

dridex 40400 botnet loader

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

dridex

Botnet

40400

C2

59.148.253.194:443

207.180.230.218:3389

2.58.16.87:8443

rc4.plain

rc4.plain

Targets

- Target
  
  cooperjcw.exe
- Size
  
  212KB
- MD5
  
  c654b38c47cc16248ae712947d6dd4aa
- SHA1
  
  f9612831c0a09fd497472a61a32430c981bdee97
- SHA256
  
  7629b2e44020de99d74665b6afb0877f1f9b192714302eff3a6b38f61f2d79f2
- SHA512
  
  47b6e10d795d01cf28f067e737a7ae43fad8a6b8195cae1ad04aa6104e2a1af1ccc813d2861155d865a9c4b713b32463e2cec737d77398fa7ae1f1a517f44c01
Score

10^/10

dridex 40400 botnet loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Dridex Loader 'dmod' strings
  Detects 'dmod' strings in Dridex loader.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

dridex40400botnetloader

behavioral2

dridex40400botnetloader

© 2018-2024

Terms | Privacy