General

  • Target

    b24e46b73441f06294548c8dcfea1b9a

  • Size

    660KB

  • Sample

    210721-j5fyh6a3he

  • MD5

    b24e46b73441f06294548c8dcfea1b9a

  • SHA1

    9a1324e66fd2a6927fad5ca60d6fb87de3ccfd20

  • SHA256

    8fffaedc7f8f3a6c84be5cd0e21ea9a3bc9c4b0700937f6b529a1d861f326710

  • SHA512

    a4e05f93e8f20aa9215e5da1d1daf7dfc5ddae0b039c6d0602653d6a2b3da08a7125d5575df34032e5f47f1509ce360075dc31d3cc9d633bc3006687e0ea4a58

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

178.238.236.59:443

104.245.52.73:5007

81.0.236.93:13786

rc4.plain

Targets

    • Target

      b24e46b73441f06294548c8dcfea1b9a

    • Size

      660KB

    • MD5

      b24e46b73441f06294548c8dcfea1b9a

    • SHA1

      9a1324e66fd2a6927fad5ca60d6fb87de3ccfd20

    • SHA256

      8fffaedc7f8f3a6c84be5cd0e21ea9a3bc9c4b0700937f6b529a1d861f326710

    • SHA512

      a4e05f93e8f20aa9215e5da1d1daf7dfc5ddae0b039c6d0602653d6a2b3da08a7125d5575df34032e5f47f1509ce360075dc31d3cc9d633bc3006687e0ea4a58

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Dridex Loader

      Detects the Dridex loader (both x86 and x64) in memory.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks