Overview

overview

10

Static

static

12e5f7b49a...ad.dll

windows7_x64

10

12e5f7b49a...ad.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    12e5f7b49a5065f5b234e202829efeee308314ebd7f22ad2815126398619d3ad

  • Size

    188KB

  • Sample

    210303-p1typ51zxs

  • MD5

    9072fda9208770973fcd357de3fb30ab

  • SHA1

    d221aa2a2b90c9cf8f62792c6092d5e5fd04442b

  • SHA256

    12e5f7b49a5065f5b234e202829efeee308314ebd7f22ad2815126398619d3ad

  • SHA512

    3905afe1f07f55219e9b06fdb3d024d345894a3fe3cde35acd232a0b2768ed64ccfa8f84890a99ebce0913dc5395ac589a45c9bd810b2bc6b43ced369c32e1a1

Score
10/10
dridex111botnetdiscoveryevasionloadertrojan

Malware Config

Extracted

Family

dridex

Botnet

111

C2

116.251.211.158:443

216.10.242.142:6601

37.247.35.137:6601
rc4.plain
rc4.plain

Targets

    • Target

      12e5f7b49a5065f5b234e202829efeee308314ebd7f22ad2815126398619d3ad

    • Size

      188KB

    • MD5

      9072fda9208770973fcd357de3fb30ab

    • SHA1

      d221aa2a2b90c9cf8f62792c6092d5e5fd04442b

    • SHA256

      12e5f7b49a5065f5b234e202829efeee308314ebd7f22ad2815126398619d3ad

    • SHA512

      3905afe1f07f55219e9b06fdb3d024d345894a3fe3cde35acd232a0b2768ed64ccfa8f84890a99ebce0913dc5395ac589a45c9bd810b2bc6b43ced369c32e1a1

    Score
    10/10
    dridex111botnetdiscoveryevasionloadertrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

      botnetloader

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks