dridex | 8459af77e5ece4c9ba83bd36bd4e0799648513ed5a54849476c6d475b3fc2e86 | Triage

Submit
Reports

Overview

overview

Static

static

8459af77e5...86.dll

windows7_x64

8459af77e5...86.dll

windows10_x64

Sharing

General

Target

8459af77e5ece4c9ba83bd36bd4e0799648513ed5a54849476c6d475b3fc2e86
Size

639KB
Sample

210419-a2tyhahlwn
MD5

585423e871c91c4efa6e2b23b170314d
SHA1

e6d4a686d1a119dd08c1dbfe961f60842c4634ca
SHA256

8459af77e5ece4c9ba83bd36bd4e0799648513ed5a54849476c6d475b3fc2e86
SHA512

e4aa5618647fc4ec8ae107208bb4e3c97991d40f12d95d6b1195b1d2f3d055e2a5cc7ff72935ef154549be6bc9799d24f4c1629ac079442d3771f1a213018dbf

Score

10^/10

dridex 10444 botnet discovery evasion loader trojan

Static task

static1

Behavioral task

behavioral1

Sample

8459af77e5ece4c9ba83bd36bd4e0799648513ed5a54849476c6d475b3fc2e86.dll

Resource

win7v20210410

dridex 10444 botnet discovery evasion loader trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

8459af77e5ece4c9ba83bd36bd4e0799648513ed5a54849476c6d475b3fc2e86.dll

Resource

win10v20210408

dridex 10444 botnet discovery evasion loader trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

146.185.170.249:443

62.75.251.60:6601

185.148.168.25:2303

rc4.plain

rc4.plain

Targets

- Target
  
  8459af77e5ece4c9ba83bd36bd4e0799648513ed5a54849476c6d475b3fc2e86
- Size
  
  639KB
- MD5
  
  585423e871c91c4efa6e2b23b170314d
- SHA1
  
  e6d4a686d1a119dd08c1dbfe961f60842c4634ca
- SHA256
  
  8459af77e5ece4c9ba83bd36bd4e0799648513ed5a54849476c6d475b3fc2e86
- SHA512
  
  e4aa5618647fc4ec8ae107208bb4e3c97991d40f12d95d6b1195b1d2f3d055e2a5cc7ff72935ef154549be6bc9799d24f4c1629ac079442d3771f1a213018dbf
Score

10^/10

dridex 10444 botnet discovery evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex10444botnetdiscoveryevasionloadertrojan

behavioral2

dridex10444botnetdiscoveryevasionloadertrojan

© 2018-2024

Terms | Privacy