Overview

overview

10

Static

static

4801b61a1d...65.dll

windows7_x64

10

4801b61a1d...65.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4801b61a1dc7a14b4c2efc9840a933b7dbfc595cca11bca2632f7e59a0624c65.zip

  • Size

    424KB

  • Sample

    201105-p18vz5a4ej

  • MD5

    50a955a414379fb1e6f3b5689ffcb41d

  • SHA1

    b5a76af12ad125bcc019fd68b754230ad896e65a

  • SHA256

    0be38e2beca10be18da5711dd49430fd3f427c857fc4b9d05c42de9d95801cad

  • SHA512

    394e8f06c3065c6f89ef8331a1280e4e0cc1f4efdcdc99b55e9db562fa4d16186ec38349e701e33bdb020fd1599b29fb2cf8fe1ded8b7781b410c6dcb4f20f9f

Score
10/10
dridex10444botnetdiscoveryevasionloadertrojan

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

195.154.237.245:443

46.105.131.73:8172

91.238.160.158:18443

213.183.128.99:3786
rc4.plain
rc4.plain

Targets

    • Target

      4801b61a1dc7a14b4c2efc9840a933b7dbfc595cca11bca2632f7e59a0624c65.dll

    • Size

      572KB

    • MD5

      f6e9f6de099449b84d37f8c9c959c0a3

    • SHA1

      407a7e9d982caea11ebb525d1bd51e2617febe74

    • SHA256

      4801b61a1dc7a14b4c2efc9840a933b7dbfc595cca11bca2632f7e59a0624c65

    • SHA512

      8027bd6e4f7ea23d435fa3654c793b34c715bc2b4a2915df78e4f227d9a3f782de5e7bea86c9dcd8cefd612ac5a8ff4d28f1d3d6c6a3a1d6b89863ef94575fc9

    Score
    10/10
    dridex10444botnetdiscoveryevasionloadertrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

      botnetloader

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks