Overview

overview

10

Static

static

6ef601be11...d5.exe

windows7_x64

10

6ef601be11...d5.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6ef601be11564ea2f399a96f50975bd5.exe

  • Size

    1.1MB

  • Sample

    210809-tv27knejle

  • MD5

    6ef601be11564ea2f399a96f50975bd5

  • SHA1

    2e9a3806b422073573fa92452aee33196706b841

  • SHA256

    03e67145339e945177a8340a54e2d4a63f1784c78b3e7e0074f2a1486bab9f25

  • SHA512

    c9e18c0637e14086192cea6437675a8e3119f40671f18ae5fd67d3e06295dbd3d6e632e9587fb671b0849f1903d068b16bf2ea7bc9e5af4e247f0d726f970219

Score
10/10
dridex10111botnetdiscoveryevasiontrojan

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

176.9.89.122:10172

147.91.31.1:6225

103.30.247.115:7443
rc4.plain
rc4.plain

Targets

    • Target

      6ef601be11564ea2f399a96f50975bd5.exe

    • Size

      1.1MB

    • MD5

      6ef601be11564ea2f399a96f50975bd5

    • SHA1

      2e9a3806b422073573fa92452aee33196706b841

    • SHA256

      03e67145339e945177a8340a54e2d4a63f1784c78b3e7e0074f2a1486bab9f25

    • SHA512

      c9e18c0637e14086192cea6437675a8e3119f40671f18ae5fd67d3e06295dbd3d6e632e9587fb671b0849f1903d068b16bf2ea7bc9e5af4e247f0d726f970219

    Score
    10/10
    dridex10111botnetdiscoveryevasiontrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks