dridex | 87279368f43e7b93c3f9fb5a08884bd77dba3c01efaa8f0375f2c9b76d48d90a | Triage

Submit
Reports

Overview

overview

Static

static

87279368f4...0a.dll

windows7_x64

87279368f4...0a.dll

windows10_x64

Sharing

General

Target

87279368f43e7b93c3f9fb5a08884bd77dba3c01efaa8f0375f2c9b76d48d90a
Size

188KB
Sample

210303-bchabvq356
MD5

f683aa9a0a8870bc2c2d840bb6fbc468
SHA1

4fd8222aff25658c399c2f0c63e982f3b1f12108
SHA256

87279368f43e7b93c3f9fb5a08884bd77dba3c01efaa8f0375f2c9b76d48d90a
SHA512

947b6bc9c6c4298776d4981e14ea9059600afb818fae4803b18e2fdf779deaab5e043cf77ac36bfa37b69e19baf9d67dd6b899e606b011549da51251c38b9da8

Score

10^/10

dridex 111 botnet discovery evasion loader trojan

Static task

static1

Behavioral task

behavioral1

Sample

87279368f43e7b93c3f9fb5a08884bd77dba3c01efaa8f0375f2c9b76d48d90a.dll

Resource

win7v20201028

dridex 111 botnet discovery evasion loader trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

87279368f43e7b93c3f9fb5a08884bd77dba3c01efaa8f0375f2c9b76d48d90a.dll

Resource

win10v20201028

dridex 111 botnet discovery evasion loader trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

dridex

Botnet

111

C2

116.251.211.158:443

216.10.242.142:6601

37.247.35.137:6601

rc4.plain

rc4.plain

Targets

- Target
  
  87279368f43e7b93c3f9fb5a08884bd77dba3c01efaa8f0375f2c9b76d48d90a
- Size
  
  188KB
- MD5
  
  f683aa9a0a8870bc2c2d840bb6fbc468
- SHA1
  
  4fd8222aff25658c399c2f0c63e982f3b1f12108
- SHA256
  
  87279368f43e7b93c3f9fb5a08884bd77dba3c01efaa8f0375f2c9b76d48d90a
- SHA512
  
  947b6bc9c6c4298776d4981e14ea9059600afb818fae4803b18e2fdf779deaab5e043cf77ac36bfa37b69e19baf9d67dd6b899e606b011549da51251c38b9da8
Score

10^/10

dridex 111 botnet discovery evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex111botnetdiscoveryevasionloadertrojan

behavioral2

dridex111botnetdiscoveryevasionloadertrojan

© 2018-2024

Terms | Privacy