dridex | 881c022032c6fb9bedfae76dd6c93863b2b7f48e282e0dbcbdcf702a6958ced2 | Triage

Submit
Reports

Overview

overview

Static

static

9

unzn3pblrpdf.dll

windows7_x64

unzn3pblrpdf.dll

windows10_x64

Sharing

General

Target

unzn3pblrpdf
Size

599KB
Sample

201116-zqkrazxfh2
MD5

056b77549421d66b289f6cfed2d26561
SHA1

c0aa8602241f36bb466dae0bb0cd191e905e7e7e
SHA256

881c022032c6fb9bedfae76dd6c93863b2b7f48e282e0dbcbdcf702a6958ced2
SHA512

09fa02ad375bd108a05124cb8c8a50e9a3b877b3033c15f6c222d569166119fb583135b471a53d72108944e5e4f55a23e40cbb624272286880da9cf95a206419

Score

10^/10

dridex 10444 botnet cryptone discovery evasion loader packer trojan

Static task

static1

cryptone packer

Behavioral task

behavioral1

Sample

unzn3pblrpdf.dll

Resource

win7v20201028

dridex 10444 botnet discovery evasion loader trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

unzn3pblrpdf.dll

Resource

win10v20201028

dridex 10444 botnet loader

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

77.220.64.53:443

172.96.190.154:4664

209.126.111.137:33443

167.99.158.82:33443

rc4.plain

rc4.plain

Targets

- Target
  
  unzn3pblrpdf
- Size
  
  599KB
- MD5
  
  056b77549421d66b289f6cfed2d26561
- SHA1
  
  c0aa8602241f36bb466dae0bb0cd191e905e7e7e
- SHA256
  
  881c022032c6fb9bedfae76dd6c93863b2b7f48e282e0dbcbdcf702a6958ced2
- SHA512
  
  09fa02ad375bd108a05124cb8c8a50e9a3b877b3033c15f6c222d569166119fb583135b471a53d72108944e5e4f55a23e40cbb624272286880da9cf95a206419
Score

10^/10

dridex 10444 botnet discovery evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex10444botnetdiscoveryevasionloadertrojan

behavioral2

dridex10444botnetloader

© 2018-2024

Terms | Privacy