dridex | 9384bb6127c78785cdb717a01f7d8efcb9c8b401a0aec4d943b3214c1032fac7 | Triage

Submit
Reports

Overview

overview

Static

static

8

9384bb6127...7.xlsm

windows7_x64

9384bb6127...7.xlsm

windows10_x64

Sharing

General

Target

9384bb6127c78785cdb717a01f7d8efcb9c8b401a0aec4d943b3214c1032fac7
Size

328KB
Sample

210726-lvpe2fdzme
MD5

5049c8efe625f614b1548ddae83fc621
SHA1

58f791beff16d82d9ec1f65ddb327ff297c7759d
SHA256

9384bb6127c78785cdb717a01f7d8efcb9c8b401a0aec4d943b3214c1032fac7
SHA512

b11a347d28a6402404833f98936ac85d6cab8b4c8e09154b525d6bde57f66148172f5f411eff5791fc20e8d97293ed28a78729f153493f9b900c4d50bf00564c

Score

10^/10

dridex 22201 botnet evasion loader macro trojan

Static task

static1

Behavioral task

behavioral1

Sample

9384bb6127c78785cdb717a01f7d8efcb9c8b401a0aec4d943b3214c1032fac7.xlsm

Resource

win7v20210410

dridex 22201 botnet evasion loader trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

9384bb6127c78785cdb717a01f7d8efcb9c8b401a0aec4d943b3214c1032fac7.xlsm

Resource

win10v20210408

dridex 22201 botnet evasion loader trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

45.79.33.48:443

139.162.202.74:5007

68.183.216.174:7443

rc4.plain

rc4.plain

Targets

- Target
  
  9384bb6127c78785cdb717a01f7d8efcb9c8b401a0aec4d943b3214c1032fac7
- Size
  
  328KB
- MD5
  
  5049c8efe625f614b1548ddae83fc621
- SHA1
  
  58f791beff16d82d9ec1f65ddb327ff297c7759d
- SHA256
  
  9384bb6127c78785cdb717a01f7d8efcb9c8b401a0aec4d943b3214c1032fac7
- SHA512
  
  b11a347d28a6402404833f98936ac85d6cab8b4c8e09154b525d6bde57f66148172f5f411eff5791fc20e8d97293ed28a78729f153493f9b900c4d50bf00564c
Score

10^/10

dridex 22201 botnet evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex22201botnetevasionloadertrojan

behavioral2

dridex22201botnetevasionloadertrojan

© 2018-2024

Terms | Privacy