Overview

overview

10

Static

static

9

7setq.exe

windows7_x64

10

7setq.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7setq.zip

  • Size

    235KB

  • Sample

    210208-tneaf4ytaa

  • MD5

    49cdf6887221d7fdb9ed4948673b6bb6

  • SHA1

    7944589e948f9ab3389ac4e54035ba6ea3759411

  • SHA256

    8a8abc1e2be496d327293ae1309de2d26064a1fe13ef4710f3e5b8e02029e77b

  • SHA512

    4d5eae86c599bd9f6ab5ce64deb61e04412dc3bed449092bf85527e1445404d6b6b05fbdca5057fcee709039a4a3731b654a0bd7eaff7d50d243903ed7222325

Score
10/10
dridex10111botnetcryptonediscoveryevasionloaderpackertrojan

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

51.68.224.245:4646

188.165.17.91:8443

173.255.246.77:691
rc4.plain
rc4.plain

Targets

    • Target

      7setq.exe

    • Size

      1.3MB

    • MD5

      ce6b3fc8dfc97b648dc245ba1ea0a109

    • SHA1

      3f395722701450d2ea221b46f5fa4a0bcad9a3ec

    • SHA256

      388d433e53b9c0294424bda5cc15e5a03c04c8aa9509d9161f9dc6176afb8b6a

    • SHA512

      2b39526d7e23557c18226f76fe9d352d6cb24fa1184fbc8801733a06648e27dd5eaac94ef16276c1a1421e6be47c723b9f79dc1fc17e12d08161ff0fda8f575f

    Score
    10/10
    dridex10111botnetdiscoveryevasionloadertrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

      botnetloader

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks