General

  • Target

    4a8429e12437ff33866dfbcdc31059e69ffd1e1f15bf3e76d49564050484b3ee.bin.gz

  • Size

    212KB

  • Sample

    200901-yh4hp3bx8x

  • MD5

    e4659c0cfe30a02c96c9ccca02d26edb

  • SHA1

    c0c57f60026cfcb9cec3fe6872720299e672734b

  • SHA256

    261e40a34eee0773af585127232fde139bb320028a3f97a9985d55deb657af66

  • SHA512

    1cb8ad9abc0b3408bf5f416f9fb4a4bc62d548a5fff4b4809a0534931f033d9e684f154dc077497e2adb274edb447b5aff1880b1b8938668275191338f6136ae

Malware Config

Extracted

Family

dridex

Botnet

40400

C2

51.38.124.206:443

207.180.230.218:3389

2.58.16.87:8443

45.177.120.36:691

rc4.plain

Targets

    • Target

      sample

    • Size

      212KB

    • MD5

      db406b5f94c217e5a3069748ccffd1d4

    • SHA1

      7f0934b06e160576403b50ba2065c13d4dd7c7f5

    • SHA256

      4a8429e12437ff33866dfbcdc31059e69ffd1e1f15bf3e76d49564050484b3ee

    • SHA512

      4bda80b78b0d7e19d1146a8b95b7ddb151b8e78f33d96b41ea23d88e54fb73958e4c4cf78d4288aae934a6a710d3c741395ebbeabefdada57c7f1b3b3bd5df8f

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects both the x86 and x64 Dridex loader in memory.

    • Dridex Loader 'dmod' strings

      Detects 'dmod' strings in the Dridex loader.

MITRE ATT&CK Matrix

Tasks