1.zip

General

Target: 1.zip
Size: 363KB
Sample: 211013-sh83paeea2
Score: 10/10
MD5: 8ec974694be7d747663620c9ebdf6357
SHA1: 9b3facbff5ba5c2fd1ff1dd7cfd0979777c24ddf
SHA256: bee7050122d0f8521a11ee7f2e63c70007b217b7558a49629f7a6450a447b74a
SHA512: 27760ac773ce0f339197ae1698477b97111cd3af513bec3442019b2709465cf5821b0309580ff472daa10ed06542a43cc39b27fff073fe33ece151754e911962

Malware Config

Extracted

Family: dridex
Botnet: 22202
C2:

  • 178.62.205.130:443
  • 45.90.108.123:13786
  • 198.199.98.78:9217

rc4.plain
Targets

Target: 2_kbd101c.dll
MD5: 13607671c64e6859be1f83fb324344f9
Filesize: 180KB
Score: 10/10
SHA1: 6ef50dbb7dff8dd9e860fd1c5b36a4f3df1c2863
SHA256: b8e4c68f8843fe8f2f12d5cc636c824a338ddaa24feee9e9e5e380169b07b231
SHA512: 4f466b28d492ef583c2a35998eeaf8645b4afe50fc47aa93de6e8b5a504f420b4ba90e2c0be47469135031f43f79aeb3cbd7662eb5b096385be903724bae4bd7

Signatures

  • Dridex: Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  • Dridex Loader: Detects the Dridex x86 and x64 loader in memory.

Target: 5_WfHC.dll
MD5: 172e33cda92623f3f9b3213954f52e9e
Filesize: 180KB
Score: 10/10
SHA1: 05f886e3a9d32eb725dc4f3128c62a0165bc0506
SHA256: 0d9a0d05c7ba4ae81904e64f66235e032ded422aa95de11b8a9691123f911885
SHA512: 6020c33d350c062440ceb9f58bfcece422d71f9f1e36dc155c05f20df752a2a7158d5e62d66eb0f857fb2fc968cd1ed25a3f91b7de0bb4615f15af3ba5c0668e

Signatures

  • Dridex: Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  • Dridex Loader: Detects the Dridex x86 and x64 loader in memory.

Target: 9_shlwapi.dll
MD5: 4e883f7247e1ef95ab0cfc974a5d3b88
Filesize: 180KB
Score: 10/10
SHA1: 99049f145d976731e946f70adc70cb243ca93fc9
SHA256: 653aa17fbf6949e5bdba2599a9a3df4bb8ec259a5cf0eb7c3b08b6813c4283e7
SHA512: fe9adaa182a3823b79fabfda0f1530c8147b04af39fd0f9e4974033393b8689c506ce75d2fc3b6add28f09c78b9b0873cd0755ba353ffe38760eeadc4bb00660

Signatures

  • Dridex: Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  • Dridex Loader: Detects the Dridex x86 and x64 loader in memory.

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

  • static1
  • behavioral1 (10/10)
  • behavioral2 (10/10)
  • behavioral3 (10/10)