Overview

overview

10

Static

static

c6cdb5139f...f9.exe

windows7_x64

10

c6cdb5139f...f9.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c6cdb5139fdc915f452ff2d5b3cb58cdf23538b0b8a151c912ed3b07d9c3ecf9

  • Size

    212KB

  • Sample

    210509-4k74fsjdb6

  • MD5

    a6e6d91ba6cb87627952e9472ed3c0fa

  • SHA1

    04f92b7f82086fc6849be56687513ef7a1fec408

  • SHA256

    c6cdb5139fdc915f452ff2d5b3cb58cdf23538b0b8a151c912ed3b07d9c3ecf9

  • SHA512

    75e99e4e8a7904e1dc14db1be4fff7abcd8ee437eb94bac41864df5a093578460c8b0ccfd0cf84e816d5192cf7ebff0a3317792488f01c2236808089f656352b

Score
10/10
dridex40400botnetevasionloadertrojan

Malware Config

Extracted

Family

dridex

Botnet

40400

C2

38.88.126.131:443

145.239.169.32:8443

163.172.7.152:443

45.79.135.98:691
rc4.plain
rc4.plain

Targets

    • Target

      c6cdb5139fdc915f452ff2d5b3cb58cdf23538b0b8a151c912ed3b07d9c3ecf9

    • Size

      212KB

    • MD5

      a6e6d91ba6cb87627952e9472ed3c0fa

    • SHA1

      04f92b7f82086fc6849be56687513ef7a1fec408

    • SHA256

      c6cdb5139fdc915f452ff2d5b3cb58cdf23538b0b8a151c912ed3b07d9c3ecf9

    • SHA512

      75e99e4e8a7904e1dc14db1be4fff7abcd8ee437eb94bac41864df5a093578460c8b0ccfd0cf84e816d5192cf7ebff0a3317792488f01c2236808089f656352b

    Score
    10/10
    dridex40400botnetloaderevasiontrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

      botnetloader

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks