Description
Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
| Field | Value |
|---|---|
| File | eGift-CardAmazon.907427310.doc |
| Size | 112KB |
| ID | 201126-epjy89wscs |
| MD5 | b40361fe26889021f4f934c9b68aaa0a |
| SHA1 | 8e0a6fe27090e76ecac36cc7be25de7a551c029a |
| SHA256 | d4704ca87e4e6072526a67adbf5e5a752172e947a4e6354d962455b4dce37994 |
| SHA512 | 504e66710a8df7391d54a6e5e8e6d27b7598e13396456170a8ab9e4038220b6bf9359bdcf2c48a5afd54ff7a677ff273c73894e37ff7c845e892fa10ec0d2a0a |
| Field | Value |
|---|---|
| Language | ps1 |
| Deobfuscated | |
| URLs (exe.dropper) | https://burstner.clabris.se/ucjk7st.zip, http://bespokeweddings.ie/k1c8dh4.rar, https://conjurosdeamoryhechiceriaacacio.com/tjbdhdvi1.zip, https://keitauniv.keita.ae/wchfvdsd7.rar, https://cms.keita.ae/h0mqrz.rar, https://airbornegroup.net/y461xrm.zip, https://phones.pmrspain.com/xzeoxn8.rar, http://oya.qa/lfonl5.rar |
| Family | dridex |
| Botnet | 10555 |
| C2 | 194.225.58.216:443, 178.254.40.132:691, 216.172.165.70:3889, 198.57.200.100:3786 |
| rc4.plain | |
| rc4.plain | |
This typically indicates the parent process was compromised via an exploit or macro.
Detects both the x86 and x64 Dridex loader in memory.
Looks up Uninstall key entries in the registry to enumerate software on the system.