dridex | e028f271461ba72f91934ada56064d0eab66b4ad3066d653632fad04351efb00 | Triage

Submit
Reports

Overview

overview

Static

static

8

c6f2239754...50.xls

windows7_x64

c6f2239754...50.xls

windows10_x64

Sharing

General

Target

c6f2239754469a59c8f97e30df2e0950
Size

315KB
Sample

210722-prpyahwfbe
MD5

c6f2239754469a59c8f97e30df2e0950
SHA1

4310f7e6baaf4f86defd9c052ea40649f6b04e9e
SHA256

e028f271461ba72f91934ada56064d0eab66b4ad3066d653632fad04351efb00
SHA512

a5d6d2c4bbfc96626fa2e1a6969b4692f0529f0971b7b4f217e099bb4852427beb669f900f820206c542aab2321411bf4aa3e71e2c2847648806292478aa46dc

Score

10^/10

dridex 22202 botnet evasion loader macro trojan

Static task

static1

Behavioral task

behavioral1

Sample

c6f2239754469a59c8f97e30df2e0950.xls

Resource

win7v20210410

dridex 22202 botnet evasion loader trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

c6f2239754469a59c8f97e30df2e0950.xls

Resource

win10v20210408

dridex 22202 botnet evasion loader trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

178.238.236.59:443

104.245.52.73:5007

81.0.236.93:13786

rc4.plain

rc4.plain

Targets

- Target
  
  c6f2239754469a59c8f97e30df2e0950
- Size
  
  315KB
- MD5
  
  c6f2239754469a59c8f97e30df2e0950
- SHA1
  
  4310f7e6baaf4f86defd9c052ea40649f6b04e9e
- SHA256
  
  e028f271461ba72f91934ada56064d0eab66b4ad3066d653632fad04351efb00
- SHA512
  
  a5d6d2c4bbfc96626fa2e1a6969b4692f0529f0971b7b4f217e099bb4852427beb669f900f820206c542aab2321411bf4aa3e71e2c2847648806292478aa46dc
Score

10^/10

dridex 22202 botnet evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex22202botnetevasionloadertrojan

behavioral2

dridex22202botnetevasionloadertrojan

© 2018-2024

Terms | Privacy