dridex | 081618f7d9c6c92271f8d6bc65c8e13f33dfe9e5022f06aaec95664ee31fead4 | Triage

Submit
Reports

Overview

overview

Static

static

8

SecuriteIn...4.xlsm

windows7_x64

SecuriteIn...4.xlsm

windows10_x64

Sharing

General

Target

SecuriteInfo.com.VB.Trojan.Valyria.5105.29893.19434
Size

334KB
Sample

210727-89yhy3p1ya
MD5

1f196d875fd7d89ac57831926bbb9563
SHA1

3ed1e676f334ab3f82d3a056dad079f85458bfb4
SHA256

081618f7d9c6c92271f8d6bc65c8e13f33dfe9e5022f06aaec95664ee31fead4
SHA512

299011aff7cf8e9d2c2b74f0ffa64ea733516fb22f4aeed0400c5e3da9f548199024ce7317d849c4af27c3c9de95bc947eaa3f3ffc0e211d94cf60ec4c71f7b2

Score

10^/10

dridex 22201 botnet evasion loader macro trojan

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.VB.Trojan.Valyria.5105.29893.19434.xlsm

Resource

win7v20210410

dridex 22201 botnet evasion loader trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.VB.Trojan.Valyria.5105.29893.19434.xlsm

Resource

win10v20210408

dridex 22201 botnet evasion loader trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

45.79.33.48:443

139.162.202.74:5007

68.183.216.174:7443

rc4.plain

rc4.plain

Targets

- Target
  
  SecuriteInfo.com.VB.Trojan.Valyria.5105.29893.19434
- Size
  
  334KB
- MD5
  
  1f196d875fd7d89ac57831926bbb9563
- SHA1
  
  3ed1e676f334ab3f82d3a056dad079f85458bfb4
- SHA256
  
  081618f7d9c6c92271f8d6bc65c8e13f33dfe9e5022f06aaec95664ee31fead4
- SHA512
  
  299011aff7cf8e9d2c2b74f0ffa64ea733516fb22f4aeed0400c5e3da9f548199024ce7317d849c4af27c3c9de95bc947eaa3f3ffc0e211d94cf60ec4c71f7b2
Score

10^/10

dridex 22201 botnet evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex22201botnetevasionloadertrojan

behavioral2

dridex22201botnetevasionloadertrojan

© 2018-2024

Terms | Privacy