Overview

overview

10

Static

static

0x00020000...at.dll

windows7_x64

10

0x00020000...at.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0x000200000001ab76-180.dat

  • Size

    154KB

  • Sample

    210421-vqz58kjx5j

  • MD5

    9099f93a131065d0c84a7b27c5e6225b

  • SHA1

    08fe0345e15029f06c70109833cfcb641e36dc2e

  • SHA256

    1a245e6b71db0d64fe0d27a113583bef2a65d0fdf3e183c459e6a768504eb79c

  • SHA512

    809eaef442597a8da6d84a8eedb5cfab391f23b728afefd68be20604871680f8c92249642df97b531696224b8f08c80596a029b58ea8f3690d08060491cd726a

Score
10/10
dridex40111botnetevasionloadertrojan

Malware Config

Extracted

Family

dridex

Botnet

40111

C2

159.8.59.82:443

51.91.156.39:2303

67.196.50.240:8172
rc4.plain
rc4.plain

Targets

    • Target

      0x000200000001ab76-180.dat

    • Size

      154KB

    • MD5

      9099f93a131065d0c84a7b27c5e6225b

    • SHA1

      08fe0345e15029f06c70109833cfcb641e36dc2e

    • SHA256

      1a245e6b71db0d64fe0d27a113583bef2a65d0fdf3e183c459e6a768504eb79c

    • SHA512

      809eaef442597a8da6d84a8eedb5cfab391f23b728afefd68be20604871680f8c92249642df97b531696224b8f08c80596a029b58ea8f3690d08060491cd726a

    Score
    10/10
    dridex40111botnetevasionloadertrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

      botnetloader

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks