dridex | 2c6110a76dda8da49195052fa561ab8b8278c02df400124e46d26d2df228b70b | Triage

Submit
Reports

Overview

overview

Static

static

Amazon_Gif...20.scr

windows7_x64

Amazon_Gif...20.scr

windows10_x64

Sharing

General

Target

Amazon_Gift-Card.579177920.scr
Size

965KB
Sample

201126-f8mgp8k9za
MD5

33ca3e86d783234092e52369e1b6bb83
SHA1

653ab54e15b01473943cd897ded24f742b0193c5
SHA256

2c6110a76dda8da49195052fa561ab8b8278c02df400124e46d26d2df228b70b
SHA512

7ddd8dfca491fd272cb1232813e78a0df52983801222b00cc535c1386a411aba30aa2bc720b4d913685f564c2060f8d072c48c31be88753d0924639f8adb632e

Score

10^/10

dridex 10555 botnet evasion loader ransomware

Static task

static1

Behavioral task

behavioral1

Sample

Amazon_Gift-Card.579177920.scr

Resource

win7v20201028

dridex 10555 botnet evasion loader ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Amazon_Gift-Card.579177920.scr

Resource

win10v20201028

dridex 10555 botnet evasion loader ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

dridex

Botnet

10555

C2

194.225.58.216:443

178.254.40.132:691

216.172.165.70:3889

198.57.200.100:3786

rc4.plain

rc4.plain

Targets

- Target
  
  Amazon_Gift-Card.579177920.scr
- Size
  
  965KB
- MD5
  
  33ca3e86d783234092e52369e1b6bb83
- SHA1
  
  653ab54e15b01473943cd897ded24f742b0193c5
- SHA256
  
  2c6110a76dda8da49195052fa561ab8b8278c02df400124e46d26d2df228b70b
- SHA512
  
  7ddd8dfca491fd272cb1232813e78a0df52983801222b00cc535c1386a411aba30aa2bc720b4d913685f564c2060f8d072c48c31be88753d0924639f8adb632e
Score

10^/10

dridex 10555 botnet evasion loader ransomware
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Loads dropped DLL
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex10555botnetevasionloaderransomware

behavioral2

dridex10555botnetevasionloaderransomware

© 2018-2024

Terms | Privacy