Description
Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
Sample: Amazon_eGift-Card.451219634.doc (112KB)
201126-q9gy3nxaxa
MD5: a71b2ef896ebe4043b8970eeda03577c
SHA1: 1e4c849910d35e23fb8f3e67294f3e6ec0630360
SHA256: a888a7f5140bad661317264229075089b1c8e1267984b3d495a39a5f5638a419
SHA512: d587ec15aa1149f5ba7ad082d6da19bc83f5bdc6b974ceaf424e3b9a803abec2e935381b7254452a4c3d9c5c60d59b4feb6fcc2b9e747eb3711f7cf81a9398cd
| Field | Value |
|---|---|
| Language | ps1 |
| Source | |
| URLs (exe.dropper) | https://burstner.clabris.se/, http://bespokeweddings.ie/, https://conjurosdeamoryhechiceriaacacio.com/, https://keitauniv.keita.ae/, https://cms.keita.ae/, https://airbornegroup.net/, https://phones.pmrspain.com/, http://oya.qa/ |
| Family | dridex |
| Version | 10555 |
| C2 | 194.225.58.216:443, 178.254.40.132:691, 216.172.165.70:3889, 198.57.200.100:3786 |
| rc4.plain | |
This typically indicates the parent process was compromised via an exploit or macro.
Detects the Dridex loader (both x86 and x64 builds) in memory.
Looks up Uninstall key entries in the registry to enumerate software on the system.