04psi.zip

General

Target: 04psi.zip
Size: 100KB
Sample: 201107-lxpdbv9h4n
Score: 10/10
MD5: ea211b888d483e9d624e7927aa6487bb
SHA1: e7cec3c59fb6055ad5c62e1178a96a84e01d2a93
SHA256: a10400d1b68c46db52f94a07b4e2714bbcf319778ee9eda05f6aab0e9f545c09
SHA512: 5c4a0eebc6910a39503d80d7cdcdb2a977576a7fccba7319bfd6434df58ce2e54de2bc4bcc64f0e5141d98f46eba465c79ece11e83d857bb8f9e28fb70817f68

Malware Config

Extracted

Family: smokeloader
Version: 2020
C2:
  http://rexstat35xm.xyz/statweb577/
  http://dexspot2cx.club/statweb577/
  http://atxspot20cx.best/statweb577/
  http://rexspot7xm.xyz/statweb577/
  http://datasectex.com/statweb577/
  http://servicem977xm.xyz/statweb577/
  http://advertxman7cx.xyz/statweb577/
  http://starxpush7xm.xyz/statweb577/

rc4.i32

Extracted

Family: dridex
Botnet: 10111
C2:
  194.150.118.7:443
  49.212.179.180:3889
  69.64.62.4:4443

rc4.plain
Targets

Target: 04psi.exe
MD5: 4bc2708122b1e43131888d1beee6c560
Filesize: 237KB
Score: 10/10
SHA1: 8a82caf8b8f908898145e953ef8f1e665e8058db
SHA256: 3fc06d1926ada759903e4ebc197f9da5baa80fb8f729f34395dd7c67e2d58a8c
SHA512: fcf714de9ae1d23ebe054f601938653f9643dbbf288319b4c3b2872544dbb2c82c5db8a4abc64a146648da9f5b71760ce485c1b5935473d214736438dffc2749

Signatures

  • Dridex

    Description: Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

  • SmokeLoader

    Description: Modular backdoor trojan in use since 2014.

  • Vidar

    Description: Vidar is an infostealer based on the Arkei stealer.

  • CryptOne packer

    Description: Detects the CryptOne packer as defined in the NCC blog post.

  • Dridex Loader

    Description: Detects the Dridex loader (both x86 and x64) in memory.

  • Executes dropped EXE

  • Deletes itself

  • Loads dropped DLL

  • Checks whether UAC is enabled

    TTPs: System Information Discovery

  • JavaScript code in executable

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactics: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation