dridex | 73542918c46a8a028d9a19169f5cb4fa09f3ea609085e3efd5324d07254d7280 | Triage

Sharing

General

Target

73542918c46a8a028d9a19169f5cb4fa09f3ea609085e3efd5324d07254d7280.vbs
Size

4.8MB
Sample

200812-xxh6fkgk92
MD5

0b421211722f02d8274abac42e7c4fd9
SHA1

28c36d73c060fb2840ea9f457b8d6f5c88c304ab
SHA256

73542918c46a8a028d9a19169f5cb4fa09f3ea609085e3efd5324d07254d7280
SHA512

91ab352f3d7104d4556d90a2a258e5dd5a9c6fdff31498c8ccc31184569d000b1ed01890a7ee5639d477423374da395de1961205685ba25e95bb1898050b122e

Score

10^/10

dridex 20445 botnet loader

Malware Config

Extracted

Family

dridex

Botnet

20445

C2

213.136.94.177:443

91.83.93.219:3389

37.205.9.252:8443

213.192.1.171:4646

rc4.plain

rc4.plain

Targets

- Target
  
  73542918c46a8a028d9a19169f5cb4fa09f3ea609085e3efd5324d07254d7280.vbs
- Size
  
  4.8MB
- MD5
  
  0b421211722f02d8274abac42e7c4fd9
- SHA1
  
  28c36d73c060fb2840ea9f457b8d6f5c88c304ab
- SHA256
  
  73542918c46a8a028d9a19169f5cb4fa09f3ea609085e3efd5324d07254d7280
- SHA512
  
  91ab352f3d7104d4556d90a2a258e5dd5a9c6fdff31498c8ccc31184569d000b1ed01890a7ee5639d477423374da395de1961205685ba25e95bb1898050b122e
Score

10^/10

dridex 20445 botnet loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex20445botnetloader