General

  • Target

    1.zip

  • Size

    363KB

  • Sample

    211013-sh83paeea2

  • MD5

    8ec974694be7d747663620c9ebdf6357

  • SHA1

    9b3facbff5ba5c2fd1ff1dd7cfd0979777c24ddf

  • SHA256

    bee7050122d0f8521a11ee7f2e63c70007b217b7558a49629f7a6450a447b74a

  • SHA512

    27760ac773ce0f339197ae1698477b97111cd3af513bec3442019b2709465cf5821b0309580ff472daa10ed06542a43cc39b27fff073fe33ece151754e911962

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

178.62.205.130:443

45.90.108.123:13786

198.199.98.78:9217

rc4.plain

Targets

    • Target

      2_kbd101c.dll

    • Size

      180KB

    • MD5

      13607671c64e6859be1f83fb324344f9

    • SHA1

      6ef50dbb7dff8dd9e860fd1c5b36a4f3df1c2863

    • SHA256

      b8e4c68f8843fe8f2f12d5cc636c824a338ddaa24feee9e9e5e380169b07b231

    • SHA512

      4f466b28d492ef583c2a35998eeaf8645b4afe50fc47aa93de6e8b5a504f420b4ba90e2c0be47469135031f43f79aeb3cbd7662eb5b096385be903724bae4bd7

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects both the x86 and x64 Dridex loader in memory.

    • Target

      5_WfHC.dll

    • Size

      180KB

    • MD5

      172e33cda92623f3f9b3213954f52e9e

    • SHA1

      05f886e3a9d32eb725dc4f3128c62a0165bc0506

    • SHA256

      0d9a0d05c7ba4ae81904e64f66235e032ded422aa95de11b8a9691123f911885

    • SHA512

      6020c33d350c062440ceb9f58bfcece422d71f9f1e36dc155c05f20df752a2a7158d5e62d66eb0f857fb2fc968cd1ed25a3f91b7de0bb4615f15af3ba5c0668e

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects both the x86 and x64 Dridex loader in memory.

    • Target

      9_shlwapi.dll

    • Size

      180KB

    • MD5

      4e883f7247e1ef95ab0cfc974a5d3b88

    • SHA1

      99049f145d976731e946f70adc70cb243ca93fc9

    • SHA256

      653aa17fbf6949e5bdba2599a9a3df4bb8ec259a5cf0eb7c3b08b6813c4283e7

    • SHA512

      fe9adaa182a3823b79fabfda0f1530c8147b04af39fd0f9e4974033393b8689c506ce75d2fc3b6add28f09c78b9b0873cd0755ba353ffe38760eeadc4bb00660

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects both the x86 and x64 Dridex loader in memory.

MITRE ATT&CK Matrix

Tasks