Overview

overview

10

Static

static

8fca7af21a...e2.exe

windows7_x64

10

8fca7af21a...e2.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8fca7af21a18eea054de86c2b061f3e2.exe

  • Size

    240KB

  • Sample

    201109-bwlazgctcj

  • MD5

    8fca7af21a18eea054de86c2b061f3e2

  • SHA1

    755b411db2474faf2d7c967e8656c540d083351a

  • SHA256

    055f7e7b22e851afae09773a609a4f354e2dd8455b2eaf2301eb3d8701b60936

  • SHA512

    1e57a026892bf2bfc147d53a5aa3b447b33f516bb068232a4b1c443636e7f912ad9f657e6f4aab9d80b63688ede27e201ef2799368f2d9e7d4fae29500c30b23

Score
10/10
dridex40400botnetevasionloadertrojan

Malware Config

Extracted

Family

dridex

Botnet

40400

C2

111.67.68.5:443

178.254.40.33:3389

172.86.183.147:691

107.161.25.120:8443
rc4.plain
rc4.plain

Targets

    • Target

      8fca7af21a18eea054de86c2b061f3e2.exe

    • Size

      240KB

    • MD5

      8fca7af21a18eea054de86c2b061f3e2

    • SHA1

      755b411db2474faf2d7c967e8656c540d083351a

    • SHA256

      055f7e7b22e851afae09773a609a4f354e2dd8455b2eaf2301eb3d8701b60936

    • SHA512

      1e57a026892bf2bfc147d53a5aa3b447b33f516bb068232a4b1c443636e7f912ad9f657e6f4aab9d80b63688ede27e201ef2799368f2d9e7d4fae29500c30b23

    Score
    10/10
    dridex40400botnetloaderevasiontrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

      botnetloader

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks