dridex | e64e3395c17e8de856a49a6c16eec63b95d876b957b8e2ff12946f8a93a6faad | Triage

Sharing

General

Target

a804ed88ea8ab0b0136488a6302626ba.exe
Size

637KB
Sample

210112-x1nbyftdpn
MD5

a804ed88ea8ab0b0136488a6302626ba
SHA1

27e4371f7c0892be905d63661ead63ea9683b95b
SHA256

e64e3395c17e8de856a49a6c16eec63b95d876b957b8e2ff12946f8a93a6faad
SHA512

a887836f6d277eba77f47e716b571c754dc33b19d237b2c182fc702bada6003801b55288953755ed766157a321bc64e14cc5ade9e9358068bcf5530b61cdaeb7

Score

10^/10

dridex 10555 botnet loader ransomware

Malware Config

Extracted

Family

dridex

Botnet

10555

C2

77.220.64.37:443

80.86.91.27:3308

5.100.228.233:3389

46.105.131.65:1512

rc4.plain

rc4.plain

Targets

- Target
  
  a804ed88ea8ab0b0136488a6302626ba.exe
- Size
  
  637KB
- MD5
  
  a804ed88ea8ab0b0136488a6302626ba
- SHA1
  
  27e4371f7c0892be905d63661ead63ea9683b95b
- SHA256
  
  e64e3395c17e8de856a49a6c16eec63b95d876b957b8e2ff12946f8a93a6faad
- SHA512
  
  a887836f6d277eba77f47e716b571c754dc33b19d237b2c182fc702bada6003801b55288953755ed766157a321bc64e14cc5ade9e9358068bcf5530b61cdaeb7
Score

10^/10

dridex 10555 botnet loader ransomware
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Loads dropped DLL
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex10555botnetloaderransomware

behavioral2

dridex10555botnetloaderransomware