dridex | 16236a7967ffcae726ad1c8fff934e7c852ea2216d28bd73f26beb4d74a30bc0 | Triage

Resubmissions

26-11-2020 08:31

201126-5nxjasjx32 10

02-07-2020 09:47

200702-1gz11xgfwa 1

02-07-2020 06:13

200702-zgsfma6g2s 1

Sharing

General

Target

flpaoql.exe
Size

196KB
Sample

201126-5nxjasjx32
MD5

54e6654dec830080b8181b22b2f5593f
SHA1

cbef8cef80fd5eeb7650a87cba8cee212137def8
SHA256

16236a7967ffcae726ad1c8fff934e7c852ea2216d28bd73f26beb4d74a30bc0
SHA512

4ddd4b61ba9d4e65eae7e398ea253d1d0c0ae33600eb951962f44450f0b72b144e36a4a1961d081e67263a1521a6ad7c78d20b0487120fde0a20f3fa40e516d0

Score

10^/10

dridex 40400 botnet loader

Malware Config

Extracted

Family

dridex

Botnet

40400

C2

51.15.7.145:443

198.27.69.201:4643

198.20.228.10:3389

192.99.41.136:981

rc4.plain

rc4.plain

Targets

- Target
  
  flpaoql.exe
- Size
  
  196KB
- MD5
  
  54e6654dec830080b8181b22b2f5593f
- SHA1
  
  cbef8cef80fd5eeb7650a87cba8cee212137def8
- SHA256
  
  16236a7967ffcae726ad1c8fff934e7c852ea2216d28bd73f26beb4d74a30bc0
- SHA512
  
  4ddd4b61ba9d4e65eae7e398ea253d1d0c0ae33600eb951962f44450f0b72b144e36a4a1961d081e67263a1521a6ad7c78d20b0487120fde0a20f3fa40e516d0
Score

10^/10

dridex 40400 botnet loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

dridex40400botnetloader