Overview

overview

10

Static

static

3760e6d34e...88.exe

windows7_x64

10

3760e6d34e...88.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3760e6d34e747479189f4ac2584d5688.exe

  • Size

    212KB

  • Sample

    201109-hvqgj8k572

  • MD5

    3760e6d34e747479189f4ac2584d5688

  • SHA1

    3e8a9c4bad3fca630b220e6f7b5f017edaba1bc9

  • SHA256

    5b4e56b4e7f014e7b4febd123e4876b2af4c23a74c17b7986969f07798a089cb

  • SHA512

    a4306fc2a5ef135af292cb833858e060e463cccceb6d8839527a0c278b0c159504c82bba3a02d366c97ca06a70db7dbbfca22f63f2ce7d5563fdbc1720488a8e

Score
10/10
dridex40400botnetevasionloadertrojan

Malware Config

Extracted

Family

dridex

Botnet

40400

C2

38.88.126.131:443

145.239.169.32:8443

163.172.7.152:443

45.79.135.98:691
rc4.plain
rc4.plain

Targets

    • Target

      3760e6d34e747479189f4ac2584d5688.exe

    • Size

      212KB

    • MD5

      3760e6d34e747479189f4ac2584d5688

    • SHA1

      3e8a9c4bad3fca630b220e6f7b5f017edaba1bc9

    • SHA256

      5b4e56b4e7f014e7b4febd123e4876b2af4c23a74c17b7986969f07798a089cb

    • SHA512

      a4306fc2a5ef135af292cb833858e060e463cccceb6d8839527a0c278b0c159504c82bba3a02d366c97ca06a70db7dbbfca22f63f2ce7d5563fdbc1720488a8e

    Score
    10/10
    dridex40400botnetloaderevasiontrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

      botnetloader

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks