Overview

overview

10

Static

static

ptytmbdu.dll

windows7_x64

10

ptytmbdu.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ptytmbdu.dll

  • Size

    466KB

  • Sample

    201109-edapq7x6j2

  • MD5

    b0be7de75e36cc4322c757184cc6f3c8

  • SHA1

    09ff86f5dbaab94cef3278cc4801463ebe9cef01

  • SHA256

    fcd9abcb235ec7aea9a425394952653a57b44ba9233e934289d2b6892fac82b2

  • SHA512

    b3ef6e0097399eff439bcda580c7ad08126dae194cbe5858d99aac1ccf91d56fcf7c2a9faa8246fbd8e06a47692be15ddb358f4f5f4e824ad97d20b5129c2586

Score
10/10
dridex10444botnetdiscoveryevasionloadertrojan

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

38.88.126.131:443

145.239.169.32:8443

163.172.7.152:443

45.79.135.98:691
rc4.plain
rc4.plain

Targets

    • Target

      ptytmbdu.dll

    • Size

      466KB

    • MD5

      b0be7de75e36cc4322c757184cc6f3c8

    • SHA1

      09ff86f5dbaab94cef3278cc4801463ebe9cef01

    • SHA256

      fcd9abcb235ec7aea9a425394952653a57b44ba9233e934289d2b6892fac82b2

    • SHA512

      b3ef6e0097399eff439bcda580c7ad08126dae194cbe5858d99aac1ccf91d56fcf7c2a9faa8246fbd8e06a47692be15ddb358f4f5f4e824ad97d20b5129c2586

    Score
    10/10
    dridex10444botnetdiscoveryevasionloadertrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

      botnetloader

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks