Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fe6fd557b1ac9f3a89c34e680acbc8f832d7dcaaa33560eece40a432298040c6

  • Size

    162KB

  • Sample

    210421-bcnt6nyk6n

  • MD5

    25cf02cc1e36dd407a816ea7215d3b96

  • SHA1

    87f781a9bd9a93ff654783dc4b6b7519cab92e17

  • SHA256

    fe6fd557b1ac9f3a89c34e680acbc8f832d7dcaaa33560eece40a432298040c6

  • SHA512

    77440e61e6be7fd4991484423c29dfc4ee7f5b79e9ce905c137021cdda2bbe0750343149d7cb7e41aaaf9585bdd250873ba5b5bca64bef4f86f7e10aaeb6b68e

Score
10/10
dridex40112botnetevasionloadertrojan

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172
rc4.plain
rc4.plain

Targets

    • Target

      fe6fd557b1ac9f3a89c34e680acbc8f832d7dcaaa33560eece40a432298040c6

    • Size

      162KB

    • MD5

      25cf02cc1e36dd407a816ea7215d3b96

    • SHA1

      87f781a9bd9a93ff654783dc4b6b7519cab92e17

    • SHA256

      fe6fd557b1ac9f3a89c34e680acbc8f832d7dcaaa33560eece40a432298040c6

    • SHA512

      77440e61e6be7fd4991484423c29dfc4ee7f5b79e9ce905c137021cdda2bbe0750343149d7cb7e41aaaf9585bdd250873ba5b5bca64bef4f86f7e10aaeb6b68e

    Score
    10/10
    dridex40112botnetevasionloadertrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

      botnetloader

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks