Description
Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
Sample | Gift_Card_209788849.doc |
Size | 112KB |
201126-cmy9z2vb4n
MD5 | d1cf7f50f8414d437acb4f026528909e |
SHA1 | 56811440234742e6b7617685e0dee6a1f4034dfe |
SHA256 | e20dadb65651d81743aae5451f4f63d6fd7a7da48d4bf71af247a033ac46ee11 |
SHA512 | bb14b8816ab2ab8f44d5299e33576ca32ff717eeb5754452f724d59c61293c08f74cd085a890192ca89944809c402b82470917e1f07309879c2e2da7ba052ade |
Language | ps1 |
URLs (exe.dropper) |
https://burstner.clabris.se/ucjk7st.zip
http://bespokeweddings.ie/k1c8dh4.rar
https://conjurosdeamoryhechiceriaacacio.com/tjbdhdvi1.zip
https://keitauniv.keita.ae/wchfvdsd7.rar
https://cms.keita.ae/h0mqrz.rar
https://airbornegroup.net/y461xrm.zip
https://phones.pmrspain.com/xzeoxn8.rar
http://oya.qa/lfonl5.rar |
Family | dridex |
Botnet | 10555 |
C2 |
194.225.58.216:443
178.254.40.132:691
216.172.165.70:3889
198.57.200.100:3786 |
This typically indicates the parent process was compromised via an exploit or macro.
Detects both the x86 and x64 Dridex loader in memory.
Looks up Uninstall key entries in the registry to enumerate software on the system.