dridex | 4bf58623f91ff9a19c2893061a2a14660f61b2294f976a9d80ab6b3d023c9892 | Triage

Submit
Reports

Overview

overview

Static

static

8

3d67b0c7d2...58.xls

windows7_x64

3d67b0c7d2...58.xls

windows10_x64

Sharing

General

Target

3d67b0c7d220a241c6eb2ed5660ac458
Size

655KB
Sample

210721-6sbnq8hlyn
MD5

3d67b0c7d220a241c6eb2ed5660ac458
SHA1

fceed53a83a376274c92d26c870f7b4abd201f56
SHA256

4bf58623f91ff9a19c2893061a2a14660f61b2294f976a9d80ab6b3d023c9892
SHA512

b2bd38913d4c144cb6e01d6f5281d54fe864467a730839c063f54180be2bd86ea8541e5ca6b97ed3321e0caea711cec4883e56ca74bc9932d4a271866b833fe9

Score

10^/10

dridex 22201 botnet evasion loader macro macro_on_action trojan

Static task

static1

macro macro_on_action

Behavioral task

behavioral1

Sample

3d67b0c7d220a241c6eb2ed5660ac458.xls

Resource

win7v20210410

dridex 22201 botnet evasion loader trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3d67b0c7d220a241c6eb2ed5660ac458.xls

Resource

win10v20210410

dridex 22201 botnet evasion loader trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

178.238.236.59:443

104.245.52.73:5007

81.0.236.93:13786

rc4.plain

rc4.plain

Targets

- Target
  
  3d67b0c7d220a241c6eb2ed5660ac458
- Size
  
  655KB
- MD5
  
  3d67b0c7d220a241c6eb2ed5660ac458
- SHA1
  
  fceed53a83a376274c92d26c870f7b4abd201f56
- SHA256
  
  4bf58623f91ff9a19c2893061a2a14660f61b2294f976a9d80ab6b3d023c9892
- SHA512
  
  b2bd38913d4c144cb6e01d6f5281d54fe864467a730839c063f54180be2bd86ea8541e5ca6b97ed3321e0caea711cec4883e56ca74bc9932d4a271866b833fe9
Score

10^/10

dridex 22201 botnet evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

macromacro_on_action

behavioral1

dridex22201botnetevasionloadertrojan

behavioral2

dridex22201botnetevasionloadertrojan

© 2018-2024

Terms | Privacy