Description
Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
Sample | Order_Gift_Card.961396645.doc |
Size | 112KB |
ID | 201126-9jgh78d49n |
MD5 | 7d46d3da88253c6abcc426ce9fb9e3c5 |
SHA1 | 8dbd9d1bfe48c59b5704d6275f478e768230c81d |
SHA256 | 9ca6330ecc859154893e48bed53317005670c23c5d58bca8e991177cbb7324e9 |
SHA512 | 9a19fa0d30c49384582aeb323a44e13118281e55e26c9de668eebf222862761c4e47cdcfbea6a6e6eb2a93d436af16989d4f42870ae1dfa5b7c0e015b52be559 |
Language | ps1 |
URLs (exe.dropper) |
https://burstner.clabris.se/
http://bespokeweddings.ie/
https://conjurosdeamoryhechiceriaacacio.com/
https://keitauniv.keita.ae/
https://cms.keita.ae/
https://airbornegroup.net/
https://phones.pmrspain.com/
http://oya.qa/ |
Family | dridex |
Version | 10555 |
C2 |
194.225.58.216:443
178.254.40.132:691
216.172.165.70:3889
198.57.200.100:3786 |
This typically indicates the parent process was compromised via an exploit or macro.
Detects both the x86 and x64 Dridex loader in memory.
Looks up Uninstall key entries in the registry to enumerate software on the system.