dridex | 278f1244b407f4cf155a7e63341681f7f5e61b003e1c2a3a70a9ccfd575006e0 | Triage

Submit
Reports

Overview

overview

Static

static

8

c2d2852e65...82.xls

windows7_x64

c2d2852e65...82.xls

windows10_x64

Sharing

General

Target

c2d2852e6521b53d220c38d2418fc982
Size

313KB
Sample

210721-ptfgan5y9e
MD5

c2d2852e6521b53d220c38d2418fc982
SHA1

4ea6c060741d7161cee11c3ccc085790c9378e6f
SHA256

278f1244b407f4cf155a7e63341681f7f5e61b003e1c2a3a70a9ccfd575006e0
SHA512

46c7c91d8a0e4579aa0d0e46a2f4a07d6a02e221947f1c4bbc8eb4b3aa0f4cc879870c26e171e8bfe34b612d19f7a7c583c3909d90fe8fc3496ec15fe8ac4b26

Score

10^/10

dridex 22201 botnet evasion loader macro trojan

Static task

static1

Behavioral task

behavioral1

Sample

c2d2852e6521b53d220c38d2418fc982.xls

Resource

win7v20210410

dridex 22201 botnet evasion loader trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

c2d2852e6521b53d220c38d2418fc982.xls

Resource

win10v20210408

dridex 22201 botnet evasion loader trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

178.238.236.59:443

104.245.52.73:5007

81.0.236.93:13786

rc4.plain

rc4.plain

Targets

- Target
  
  c2d2852e6521b53d220c38d2418fc982
- Size
  
  313KB
- MD5
  
  c2d2852e6521b53d220c38d2418fc982
- SHA1
  
  4ea6c060741d7161cee11c3ccc085790c9378e6f
- SHA256
  
  278f1244b407f4cf155a7e63341681f7f5e61b003e1c2a3a70a9ccfd575006e0
- SHA512
  
  46c7c91d8a0e4579aa0d0e46a2f4a07d6a02e221947f1c4bbc8eb4b3aa0f4cc879870c26e171e8bfe34b612d19f7a7c583c3909d90fe8fc3496ec15fe8ac4b26
Score

10^/10

dridex 22201 botnet evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex22201botnetevasionloadertrojan

behavioral2

dridex22201botnetevasionloadertrojan

© 2018-2024

Terms | Privacy