Overview

overview

10

Static

static

eqiun.bin.exe

windows7_x64

10

eqiun.bin.exe

windows11_x64

10

eqiun.bin.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eqiun.bin.zip

  • Size

    292KB

  • Sample

    210827-r25pvc9aa6

  • MD5

    8050e48c5c849bf86261216d6472ed5f

  • SHA1

    22dd8a746bd5ed6c3bc5be9b5e2e32f90e81cb5d

  • SHA256

    f35f84a22e131d123088a357e67bf989c141e8f0b866b3c5622a9f99b72b463d

  • SHA512

    d715d4fa1e2d0532dddaecf374d7500d1c0cfd1109477dbbd8a1b096e7578a97868fd6eb0917340a9f72d3e07f8fc53f1eb8c9bfa57b94dc0e8b9643105ef1aa

Score
10/10
dridex10111botnetdiscoveryevasiontrojan

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

177.52.173.20:9043

192.100.170.1:10172

166.62.103.55:7443
rc4.plain
rc4.plain

Targets

    • Target

      eqiun.bin

    • Size

      1.1MB

    • MD5

      ddea17de92647779d3c228faf3f53f80

    • SHA1

      59edba9c0fa80d4893493e078b32383391f2aa02

    • SHA256

      1a5d00dd5a60a31775819632811dd54a401d9f8ae42d894d2099def897c1b61a

    • SHA512

      8f0eb6b04ceb78572403ff3dd4b24c0ae3ceeea98a349ae167ac2d09e2a8eb441f4e508239c3489b148f6c4fcbbf098a9c5cccdb463fc6e03dbca1a221f1f722

    Score
    10/10
    dridex10111botnetdiscoveryevasiontrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks