dridex | d18d211cf75fbc048d785af92b76a1aa7a01e381313b1a5e66e9cf564cbe78d4 | Triage

Submit
Reports

Overview

overview

Static

static

lvkahex.exe

windows7_x64

lvkahex.exe

windows10_x64

Resubmissions

06-08-2020 16:20

200806-shy9z2vyl6 10

13-07-2020 16:07

200713-5c829sjcss 1

Sharing

General

Target

lvkahex.exe
Size

212KB
Sample

200806-shy9z2vyl6
MD5

fcfa6cfa2c5e883d36c5252da68c7963
SHA1

2539e653f36ed5a6fbf50a3631218923a9b8a512
SHA256

d18d211cf75fbc048d785af92b76a1aa7a01e381313b1a5e66e9cf564cbe78d4
SHA512

f3f2265ee25e73897ddebb8372b66d76b1f5167d14867c2b9e162f879b9686e9964a494b53d62ac32d209ad853840543523c41dafd6f08ca895beda4d5dc66d9

Score

10^/10

dridex 40400 botnet loader

Static task

static1

Behavioral task

behavioral1

Sample

lvkahex.exe

Resource

win7v200722

dridex 40400 botnet loader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

lvkahex.exe

Resource

win10v200722

dridex 40400 botnet loader

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

dridex

Botnet

40400

C2

213.136.94.177:443

217.20.166.178:4664

37.205.9.252:8443

70.39.251.94:3889

rc4.plain

rc4.plain

Targets

- Target
  
  lvkahex.exe
- Size
  
  212KB
- MD5
  
  fcfa6cfa2c5e883d36c5252da68c7963
- SHA1
  
  2539e653f36ed5a6fbf50a3631218923a9b8a512
- SHA256
  
  d18d211cf75fbc048d785af92b76a1aa7a01e381313b1a5e66e9cf564cbe78d4
- SHA512
  
  f3f2265ee25e73897ddebb8372b66d76b1f5167d14867c2b9e162f879b9686e9964a494b53d62ac32d209ad853840543523c41dafd6f08ca895beda4d5dc66d9
Score

10^/10

dridex 40400 botnet loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Dridex Loader 'dmod' strings
  Detects 'dmod' strings in Dridex loader.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

dridex40400botnetloader

behavioral2

dridex40400botnetloader

© 2018-2024

Terms | Privacy