dridex | 8a8abc1e2be496d327293ae1309de2d26064a1fe13ef4710f3e5b8e02029e77b

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7v20201028
submitted
08-02-2021 23:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7setq.exe
Size

1.3MB
MD5

ce6b3fc8dfc97b648dc245ba1ea0a109
SHA1

3f395722701450d2ea221b46f5fa4a0bcad9a3ec
SHA256

388d433e53b9c0294424bda5cc15e5a03c04c8aa9509d9161f9dc6176afb8b6a
SHA512

2b39526d7e23557c18226f76fe9d352d6cb24fa1184fbc8801733a06648e27dd5eaac94ef16276c1a1421e6be47c723b9f79dc1fc17e12d08161ff0fda8f575f

Score

10^/10

dridex 10111 botnet discovery evasion loader trojan

Malware Config

Extracted

Family

dridex

Botnet

10111

51.68.224.245:4646

188.165.17.91:8443

173.255.246.77:691

rc4.plain

Signatures

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Dridex Loader 2 IoCs

Detects Dridex both x86 and x64 loader in memory.

botnet loader

Processes:

resource	yara_rule
behavioral1/memory/1732-3-0x0000000000400000-0x000000000043D000-memory.dmp	dridex_ldr
behavioral1/memory/1732-5-0x0000000000400000-0x000000000043D000-memory.dmp	dridex_ldr

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

7setq.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA 7setq.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	7setq.exe

C:\Users\Admin\AppData\Local\Temp\7setq.exe
"C:\Users\Admin\AppData\Local\Temp\7setq.exe"
1⤵
- Checks whether UAC is enabled
PID:1732

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1720-6-0x000007FEF6400000-0x000007FEF667A000-memory.dmp

Filesize
2.5MB

Download
memory/1732-2-0x0000000075AE1000-0x0000000075AE3000-memory.dmp

Filesize
8KB

Download
memory/1732-3-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1732-4-0x0000000001C70000-0x0000000001CAC000-memory.dmp

Filesize
240KB

Download
memory/1732-5-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download