dridex | fdd4ee9e0e1f197e66f1efae2ce26db6ef0a1fa0867f9316c3cdb288fff6690f | Triage

Submit
Reports

Overview

overview

Static

static

8

5d15ccd61f...dd.xls

windows7_x64

5d15ccd61f...dd.xls

windows10_x64

Sharing

General

Target

5d15ccd61fa8f1488c26d0d4e39904dd
Size

315KB
Sample

210721-r7ywkmphxa
MD5

5d15ccd61fa8f1488c26d0d4e39904dd
SHA1

40eeb9943f5af7f3e81c1b1a628919dd47be973e
SHA256

fdd4ee9e0e1f197e66f1efae2ce26db6ef0a1fa0867f9316c3cdb288fff6690f
SHA512

90cc50b5f714c6cb2697cf88f5914a9ed38048e7535910c787133a98b64cc88f2cf7f97167323c1253c8c123d9a5ce75f7dc57dace7fc2e43a4c60e6c4863a0f

Score

10^/10

dridex 22201 botnet evasion loader macro trojan

Static task

static1

Behavioral task

behavioral1

Sample

5d15ccd61fa8f1488c26d0d4e39904dd.xls

Resource

win7v20210410

dridex 22201 botnet evasion loader trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

5d15ccd61fa8f1488c26d0d4e39904dd.xls

Resource

win10v20210408

dridex 22201 botnet evasion loader trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

178.238.236.59:443

104.245.52.73:5007

81.0.236.93:13786

rc4.plain

rc4.plain

Targets

- Target
  
  5d15ccd61fa8f1488c26d0d4e39904dd
- Size
  
  315KB
- MD5
  
  5d15ccd61fa8f1488c26d0d4e39904dd
- SHA1
  
  40eeb9943f5af7f3e81c1b1a628919dd47be973e
- SHA256
  
  fdd4ee9e0e1f197e66f1efae2ce26db6ef0a1fa0867f9316c3cdb288fff6690f
- SHA512
  
  90cc50b5f714c6cb2697cf88f5914a9ed38048e7535910c787133a98b64cc88f2cf7f97167323c1253c8c123d9a5ce75f7dc57dace7fc2e43a4c60e6c4863a0f
Score

10^/10

dridex 22201 botnet evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex22201botnetevasionloadertrojan

behavioral2

dridex22201botnetevasionloadertrojan

© 2018-2024

Terms | Privacy