Description
Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
Filename | eGift-CardAmazon.962221989.doc |
Size | 112KB |
ID | 201126-gw7vl9ezqs |
MD5 | 97e8aca68cb07b66b0d7e85f2d29d84e |
SHA1 | 561aa71afe2aff33a670f85cc53a926d059d7d97 |
SHA256 | 1fba9921befe472d7ba9359523f2561865783d5184f2276bb455c6eb7ea4c947 |
SHA512 | df917bc51f62b1d5fd9dc9b883700a93cf3db5cad0ac09d7e3462b57c97326922fe7f4e9d4b0c0932234454af8370b9f4665e9dc15fda61b68536c52344cafcd |
Language | ps1 |
Deobfuscated | |
URLs |
exe.dropper https://burstner.clabris.se/ucjk7st.zip
exe.dropper http://bespokeweddings.ie/k1c8dh4.rar
exe.dropper https://conjurosdeamoryhechiceriaacacio.com/tjbdhdvi1.zip
exe.dropper https://keitauniv.keita.ae/wchfvdsd7.rar
exe.dropper https://cms.keita.ae/h0mqrz.rar
exe.dropper https://airbornegroup.net/y461xrm.zip
exe.dropper https://phones.pmrspain.com/xzeoxn8.rar
exe.dropper http://oya.qa/lfonl5.rar
Family | dridex |
Botnet | 10555 |
C2 |
194.225.58.216:443
178.254.40.132:691
216.172.165.70:3889
198.57.200.100:3786
rc4.plain | |
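The URLs and C2 fields above are extracted as run-together strings. The following is an added example, not code from this report or from any sandbox, that parses those two fields into validated, deduplicated and defanged indicators suitable for a blocklist or a ticket. The two input strings are copied from the report; the function names and the defanging convention (hxxp, [.]) are the example's own choices.

```python
"""Turn the flattened 'URLs' and 'C2' fields of a Dridex sandbox report into IOCs.

Added example; the input strings below are copied from the report, everything
else (function names, defanging style) is an assumption of this example.
"""
import ipaddress
import re
from urllib.parse import urlsplit, urlunsplit

# Copied from the report: the dropper list as one tagged, run-together field.
DROPPER_FIELD = (
    "exe.dropper "
    "https://burstner.clabris.se/ucjk7st.zip exe.dropper"
    "http://bespokeweddings.ie/k1c8dh4.rar exe.dropper"
    "https://conjurosdeamoryhechiceriaacacio.com/tjbdhdvi1.zip exe.dropper"
    "https://keitauniv.keita.ae/wchfvdsd7.rar exe.dropper"
    "https://cms.keita.ae/h0mqrz.rar exe.dropper"
    "https://airbornegroup.net/y461xrm.zip exe.dropper"
    "https://phones.pmrspain.com/xzeoxn8.rar exe.dropper"
    "http://oya.qa/lfonl5.rar"
)
# Copied from the report: C2 endpoints as "ip:port" tokens.
C2_FIELD = "194.225.58.216:443 178.254.40.132:691 216.172.165.70:3889 198.57.200.100:3786"


def split_dropper_field(raw: str) -> list[str]:
    """Split on the 'exe.dropper' tag (with or without surrounding spaces),
    validate each entry as an http(s) URL and drop duplicates, keeping order."""
    seen: set[str] = set()
    urls: list[str] = []
    for part in re.split(r"\s*exe\.dropper\s*", raw):
        part = part.strip()
        if not part:
            continue
        parts = urlsplit(part)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            raise ValueError(f"unexpected dropper entry: {part!r}")
        if part not in seen:
            seen.add(part)
            urls.append(part)
    return urls


def parse_c2_field(raw: str) -> list[tuple[str, int]]:
    """Parse 'ip:port' tokens; reject anything that is not a valid address/port."""
    endpoints: list[tuple[str, int]] = []
    for token in raw.split():
        host, sep, port_s = token.rpartition(":")
        if not sep:
            raise ValueError(f"missing port in C2 token: {token!r}")
        ip = ipaddress.ip_address(host.strip("[]"))  # raises ValueError on junk
        port = int(port_s)
        if not 0 < port < 65536:
            raise ValueError(f"port out of range in C2 token: {token!r}")
        endpoints.append((str(ip), port))
    return endpoints


def defang_url(url: str) -> str:
    """hxxp(s):// and [.] in the host so the IOC cannot be clicked by accident."""
    p = urlsplit(url)
    return urlunsplit((p.scheme.replace("http", "hxxp", 1),
                       p.netloc.replace(".", "[.]"), p.path, p.query, p.fragment))


def defang_ip(ip: str) -> str:
    return ip.replace(".", "[.]")


def build_iocs(dropper_field: str, c2_field: str) -> dict[str, list[str]]:
    """Aggregate both fields into defanged URLs, unique domains, unique IPs and endpoints."""
    urls = split_dropper_field(dropper_field)
    c2 = parse_c2_field(c2_field)
    return {
        "dropper_urls": [defang_url(u) for u in urls],
        "dropper_domains": sorted({urlsplit(u).hostname for u in urls}),
        "c2_ips": sorted({ip for ip, _ in c2}, key=ipaddress.ip_address),
        "c2_endpoints": [f"{defang_ip(ip)}:{port}" for ip, port in c2],
    }


if __name__ == "__main__":
    for kind, items in build_iocs(DROPPER_FIELD, C2_FIELD).items():
        print(kind)
        for item in items:
            print("  ", item)
```

The C2 parser deliberately fails closed: a malformed token raises rather than being silently skipped, because a blocklist built from a partially parsed config is worse than one that is visibly missing.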
An unexpected child process was spawned; this typically indicates the parent process was compromised via an exploit or macro.
Detects the Dridex loader, both x86 and x64, in memory.
Looks up Uninstall key entries in the registry to enumerate installed software on the system.