General

  • Target

    7_docprop.dll

  • Size

    180KB

  • Sample

    211018-tgsvraeghp

  • MD5

    ec40302c6da1f3379ad2db586768b348

  • SHA1

    92d1815b0a70b317ba2efd4d027500bc16e1fd38

  • SHA256

    a63d5af0c6d5817dd92a3efad5233a75704268b37194f4a36765af2d753dbf6e

  • SHA512

    dce2177af00538e9c4809d8f6fd44cd440b7c76edb854e006497c591ce0cfff19b6c37d63c768846f5b37e5dc3f4dde32fa42fe802cd9378b2e55d4cafaf3702

Malware Config

Extracted

Family

dridex

Botnet

22203

C2

195.154.146.84:443

45.56.121.87:8116

157.245.222.44:5723

rc4.plain

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects both the x86 and x64 Dridex loader in memory.

MITRE ATT&CK Matrix

Tasks