Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5085e767c5654dd845a4cad6f48606a6c887eaaf1fed09748fec3e1234907431

  • Size

    160KB

  • Sample

    210626-n4a39ts3aa

  • MD5

    47568eb6ae4a754b747179d850079518

  • SHA1

    7a598049a63889fff94bb17370fca4fd7362d6da

  • SHA256

    5085e767c5654dd845a4cad6f48606a6c887eaaf1fed09748fec3e1234907431

  • SHA512

    05d1895d3fc8b0c9cf639b1911f5253282220ebc4060d134d8fccdf1840ff19db760b27b7078829eccdf237bf0600ed8d821047f836f6a253e663116aa8f4196

Score
10/10
dridex40111botnetevasionloadertrojan

Malware Config

Extracted

Family

dridex

Botnet

40111

C2

94.247.168.64:443

159.203.93.122:8172

50.116.27.97:2303
rc4.plain
rc4.plain

Targets

    • Target

      5085e767c5654dd845a4cad6f48606a6c887eaaf1fed09748fec3e1234907431

    • Size

      160KB

    • MD5

      47568eb6ae4a754b747179d850079518

    • SHA1

      7a598049a63889fff94bb17370fca4fd7362d6da

    • SHA256

      5085e767c5654dd845a4cad6f48606a6c887eaaf1fed09748fec3e1234907431

    • SHA512

      05d1895d3fc8b0c9cf639b1911f5253282220ebc4060d134d8fccdf1840ff19db760b27b7078829eccdf237bf0600ed8d821047f836f6a253e663116aa8f4196

    Score
    10/10
    dridex40111botnetevasionloadertrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

      botnetloader

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks