dridex | b11c33ee5fd193e6548d14c2bde4865d30d6d5fd25135bc258cfd8595ae3695c | Triage

Submit
Reports

Overview

overview

Static

static

8

f70c0885e7...ad.xls

windows7_x64

f70c0885e7...ad.xls

windows10_x64

Sharing

General

Target

f70c0885e76e57f37399d54b10f183ad
Size

313KB
Sample

210721-jjgz6n18te
MD5

f70c0885e76e57f37399d54b10f183ad
SHA1

20548e3304d242789766edfe7c8c7d4e9ccd5b25
SHA256

b11c33ee5fd193e6548d14c2bde4865d30d6d5fd25135bc258cfd8595ae3695c
SHA512

5724457de05561b7e54380c3e3157f0f102084699c04340969394b03f6767e0d99a5e3f2a03871483ae7a3a2822e46a923ac85f433fdbfc64a56e6d93a763f6b

Score

10^/10

dridex 22202 botnet evasion loader macro trojan

Static task

static1

Behavioral task

behavioral1

Sample

f70c0885e76e57f37399d54b10f183ad.xls

Resource

win7v20210408

dridex 22202 botnet evasion loader trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

f70c0885e76e57f37399d54b10f183ad.xls

Resource

win10v20210410

dridex 22202 botnet evasion loader trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

178.238.236.59:443

104.245.52.73:5007

81.0.236.93:13786

rc4.plain

rc4.plain

Targets

- Target
  
  f70c0885e76e57f37399d54b10f183ad
- Size
  
  313KB
- MD5
  
  f70c0885e76e57f37399d54b10f183ad
- SHA1
  
  20548e3304d242789766edfe7c8c7d4e9ccd5b25
- SHA256
  
  b11c33ee5fd193e6548d14c2bde4865d30d6d5fd25135bc258cfd8595ae3695c
- SHA512
  
  5724457de05561b7e54380c3e3157f0f102084699c04340969394b03f6767e0d99a5e3f2a03871483ae7a3a2822e46a923ac85f433fdbfc64a56e6d93a763f6b
Score

10^/10

dridex 22202 botnet evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex22202botnetevasionloadertrojan

behavioral2

dridex22202botnetevasionloadertrojan

© 2018-2024

Terms | Privacy