dridex | 8dc0483e4a93cca5ebd8cd2aa0b2255284e5e308cb218a7900bd75d2759afd45 | Triage

Sharing

General

Target

dlls.zip
Size

370KB
Sample

211018-vapp7adhd4
MD5

ef74de7f824852faca7379371e3c3ffa
SHA1

b18cceb336d6f89830d7e047ca789d9a4d2d703f
SHA256

8dc0483e4a93cca5ebd8cd2aa0b2255284e5e308cb218a7900bd75d2759afd45
SHA512

bce36e152bed98545f1e758fbe36b9d1e24da05b5e63185b45601fbe30518fa11dbc9c739c93b07ec0a0029b74547ddbdcd15a3fe8fc49258625d8e45d13d76d

Score

10^/10

dridex 22203 botnet loader

Malware Config

Extracted

Family

dridex

Botnet

22203

C2

195.154.146.84:443

45.56.121.87:8116

157.245.222.44:5723

rc4.plain

rc4.plain

Targets

- Target
  
  1_FXSMON.dll
- Size
  
  180KB
- MD5
  
  12e2b3b7496802dc7e43d1f33c7d49f7
- SHA1
  
  464558590e747b94ed79104e0f96fe3d8c183638
- SHA256
  
  674ea6b589e099d7016e6a0819c93c40635dad688c56bbe88864b17f8c2aba6a
- SHA512
  
  9b277da86d8c598e2c69c44c02cc9f7d77d6736e910dfa72313c3a946e47b0c1ad1e6c496bfe2932abccd59bc6134320bd2641d36234922baad04b186d660ce0
Score

10^/10

dridex 22203 botnet loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2
- Target
  
  2_System.Windows.Forms.DataVisualization.Design.ni.dll
- Size
  
  180KB
- MD5
  
  d08861f67ff78ce290400918bef9d6d3
- SHA1
  
  84fa96bab75c39763e98cae598d66bc2e0372cc5
- SHA256
  
  8321ba3134a0517c02ddf3b26163afa155aeb6aa606a2825618671372679c4a2
- SHA512
  
  e502f2e8ed1c45a1de6d8a9fb3f610cf97adf71f2504284bbccd42dd436e08d483536ac031e022526c951a21b7521322cc5f78863e1cea40003e5c4b8c912bd5
Score

10^/10

dridex 22203 botnet loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral3 behavioral4
- Target
  
  5_System.dll
- Size
  
  180KB
- MD5
  
  30b913484349656a5d564683014b3123
- SHA1
  
  92c62b5ab0bdc8abe527793734ce50d301d19832
- SHA256
  
  7f6c9e12378f25dcb15b33cac561c027bc8c4cfeab8a41588fd7fd9faca96d30
- SHA512
  
  3f7f00ce39d4d293d475e0b8d1e0521c4c1abbbb34942ca9d927ae5f50c275feaf884a198f105e2dc0764721c56b3ff2a47884f9cac1165920ece8515819e697
Score

10^/10

dridex 22203 botnet loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral5 behavioral6

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

dridex22203botnetloader

behavioral2

dridex22203botnetloader

behavioral3

dridex22203botnetloader

behavioral4

dridex22203botnetloader

behavioral5

dridex22203botnetloader

behavioral6

dridex22203botnetloader