dridex | 20c5c02873f69ec0ad6b8c1470d90a3f3a350ebb1de0cd957e820663eff20baf | Triage

Submit
Reports

Overview

overview

Static

static

20c5c02873...af.dll

windows7_x64

20c5c02873...af.dll

windows10_x64

Sharing

General

Target

20c5c02873f69ec0ad6b8c1470d90a3f3a350ebb1de0cd957e820663eff20baf
Size

168KB
Sample

210306-wflle1scs6
MD5

3f0cf83ea4ecd9c97eb4b605d586bd7c
SHA1

b233ca947f52d7795502d7e7d32760827cca4dd9
SHA256

20c5c02873f69ec0ad6b8c1470d90a3f3a350ebb1de0cd957e820663eff20baf
SHA512

a961482a1fa96db7110724401ee6394a56d7ffdc015627337792fb193f09aeb6978fe2964e6e5dce3e62f15d0c957f8253742e809062e4aec7c104e8e7251105

Score

10^/10

dridex 111 botnet discovery evasion loader trojan

Static task

static1

Behavioral task

behavioral1

Sample

20c5c02873f69ec0ad6b8c1470d90a3f3a350ebb1de0cd957e820663eff20baf.dll

Resource

win7v20201028

dridex 111 botnet discovery evasion loader trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

20c5c02873f69ec0ad6b8c1470d90a3f3a350ebb1de0cd957e820663eff20baf.dll

Resource

win10v20201028

dridex 111 botnet discovery evasion loader trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

dridex

Botnet

111

C2

173.203.78.138:443

217.160.107.189:6601

77.220.64.150:5037

rc4.plain

rc4.plain

Targets

- Target
  
  20c5c02873f69ec0ad6b8c1470d90a3f3a350ebb1de0cd957e820663eff20baf
- Size
  
  168KB
- MD5
  
  3f0cf83ea4ecd9c97eb4b605d586bd7c
- SHA1
  
  b233ca947f52d7795502d7e7d32760827cca4dd9
- SHA256
  
  20c5c02873f69ec0ad6b8c1470d90a3f3a350ebb1de0cd957e820663eff20baf
- SHA512
  
  a961482a1fa96db7110724401ee6394a56d7ffdc015627337792fb193f09aeb6978fe2964e6e5dce3e62f15d0c957f8253742e809062e4aec7c104e8e7251105
Score

10^/10

dridex 111 botnet discovery evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex111botnetdiscoveryevasionloadertrojan

behavioral2

dridex111botnetdiscoveryevasionloadertrojan

© 2018-2024

Terms | Privacy