dridex

General

Target

Documentation_N00467290036012021.pdf.zip
Size

1.1MB
Sample

210112-9jksgnsa3e
MD5

b7dd1db964e41fa6b46acfc0bb65be01
SHA1

5e7d09beec0403626403c4405a2ea428282475f4
SHA256

c2016951e9a42f4d1edb3a844555d80b556cf933e72d86edee71640300fb389e
SHA512

a89ccc00251a12be2e377d64d6e7ceb30965ae52ad3ec36eed66360e97f6f6d87a0e6d5ed4e2e381477872a07f0e4fd773dd028a530b94671d42537461674e04

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://pecas24.mypart.pt/l0sjk3o.dll

Extracted

Family

dridex

Botnet

10555

C2

77.220.64.37:443

80.86.91.27:3308

5.100.228.233:3389

46.105.131.65:1512

rc4.plain

Targets

- Target
  
  Documentation_N00467290036012021.pdf.exe
- Size
  
  3.0MB
- MD5
  
  b5cf8e49c029675d46290cad39074fbb
- SHA1
  
  6248377675180077a96e8b9c112092183d7db6ac
- SHA256
  
  0908fcbd546e73f904740320a6491d834e5042f753e76c6facf5a201e64ec075
- SHA512
  
  de1485686c1386c58571da771527a207bb500968c095961a102c3b754975fee7696debd0f1435bd99f6d020a0e570be8a5a5da7bd95be51d63f88bcbea0fe3f9
Score

10^/10

dridex 10555 botnet loader ransomware
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Remote System Discovery

1

T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Dridex Loader

Blocklisted process makes network request

Loads dropped DLL

Enumerates physical storage devices

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2