dridex | 9af4d082d528b08891e09cce9fb40a66f8414f6e2a71bf2e90a721262584b169 | Triage

Submit
Reports

Overview

overview

Static

static

0b2f7083ce...a7.xls

windows7_x64

0b2f7083ce...a7.xls

windows10_x64

Sharing

General

Target

0b2f7083ce53cfa4fdd59ebeb6cc52a7
Size

659KB
Sample

210721-yh59rxks12
MD5

0b2f7083ce53cfa4fdd59ebeb6cc52a7
SHA1

07a8b1eaf77b6b4b77cca8933678b3bd807d6d4b
SHA256

9af4d082d528b08891e09cce9fb40a66f8414f6e2a71bf2e90a721262584b169
SHA512

9543ebb68b029ed001961e19e7b7d6b9dbe2f0367c30c4025de4e6530642d01343af9b90b45f8a07d149f6060ecc4115a9ff92b5d7f4d375fda556c678434729

Score

10^/10

dridex 22201 botnet evasion loader trojan

Static task

static1

Behavioral task

behavioral1

Sample

0b2f7083ce53cfa4fdd59ebeb6cc52a7.xls

Resource

win7v20210410

dridex 22201 botnet evasion loader trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0b2f7083ce53cfa4fdd59ebeb6cc52a7.xls

Resource

win10v20210410

dridex 22201 botnet evasion loader trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

178.238.236.59:443

104.245.52.73:5007

81.0.236.93:13786

rc4.plain

rc4.plain

Targets

- Target
  
  0b2f7083ce53cfa4fdd59ebeb6cc52a7
- Size
  
  659KB
- MD5
  
  0b2f7083ce53cfa4fdd59ebeb6cc52a7
- SHA1
  
  07a8b1eaf77b6b4b77cca8933678b3bd807d6d4b
- SHA256
  
  9af4d082d528b08891e09cce9fb40a66f8414f6e2a71bf2e90a721262584b169
- SHA512
  
  9543ebb68b029ed001961e19e7b7d6b9dbe2f0367c30c4025de4e6530642d01343af9b90b45f8a07d149f6060ecc4115a9ff92b5d7f4d375fda556c678434729
Score

10^/10

dridex 22201 botnet evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex22201botnetevasionloadertrojan

behavioral2

dridex22201botnetevasionloadertrojan

© 2018-2024

Terms | Privacy