dridex | 8f4306637d344a0673f623cf2b7326fd9b064a5b56b2e88ec3796c879274bf1c | Triage

Submit
Reports

Overview

overview

Static

static

5356d87ef8...26.xls

windows7_x64

5356d87ef8...26.xls

windows10_x64

Sharing

General

Target

5356d87ef86953dfd99fd26b28927226
Size

661KB
Sample

210722-zaq2z7mzwx
MD5

5356d87ef86953dfd99fd26b28927226
SHA1

22747f2e92618dbb0fcbf257b577bf29e382e17c
SHA256

8f4306637d344a0673f623cf2b7326fd9b064a5b56b2e88ec3796c879274bf1c
SHA512

dbbf6853483c6979ffcf2e58159b17fb97a9a30196204a27a65171858b2d0aa63e3cf481307f2c97f387584ba79585326661598d9d142e45993bd63b29eb174b

Score

10^/10

dridex 22202 botnet evasion loader trojan

Static task

static1

Behavioral task

behavioral1

Sample

5356d87ef86953dfd99fd26b28927226.xls

Resource

win7v20210408

dridex 22202 botnet evasion loader trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

5356d87ef86953dfd99fd26b28927226.xls

Resource

win10v20210410

dridex 22202 botnet evasion loader trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

178.238.236.59:443

104.245.52.73:5007

81.0.236.93:13786

rc4.plain

rc4.plain

Targets

- Target
  
  5356d87ef86953dfd99fd26b28927226
- Size
  
  661KB
- MD5
  
  5356d87ef86953dfd99fd26b28927226
- SHA1
  
  22747f2e92618dbb0fcbf257b577bf29e382e17c
- SHA256
  
  8f4306637d344a0673f623cf2b7326fd9b064a5b56b2e88ec3796c879274bf1c
- SHA512
  
  dbbf6853483c6979ffcf2e58159b17fb97a9a30196204a27a65171858b2d0aa63e3cf481307f2c97f387584ba79585326661598d9d142e45993bd63b29eb174b
Score

10^/10

dridex 22202 botnet evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex22202botnetevasionloadertrojan

behavioral2

dridex22202botnetevasionloadertrojan

© 2018-2024

Terms | Privacy