General

  • Target

    8_System.ServiceModel.Channels.ni.dll

  • Size

    180KB

  • Sample

    211021-q4t5jsadc8

  • MD5

    af32e0c03835e1d21cb9c23dffb94198

  • SHA1

    ab7f8557a2d75c313f79ae3f0a4d090d74ba30d1

  • SHA256

    deb17df5c51fdea65b3d342426ab48560633ead10438762c9baec0aebecf2ad4

  • SHA512

    8d3eb4269b33514442d04b8aabe2ed173f9c6179bccf3bf8ab285ae10236b17d20564f7d5da15390da45d6a29518696f0d071eb9133d36af2048f764ea88d5e8

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

155.138.203.91:443

207.180.220.242:8116

46.101.142.214:6891

rc4.plain
rc4.plain
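The extracted C2 endpoints and file hashes above are the actionable part of this report. The following script is an added example, not part of the sandbox output: it matches the three ip:port pairs against constructed connection-log lines, emits one Suricata rule per pair, and checks arbitrary bytes against the sample's MD5/SHA1/SHA256. The log format, the `SAMPLE_LOG` lines, the rule SIDs and all function names are assumptions made for the example.

```python
"""Turn the extracted Dridex config (botnet 22202) into IOC checks and detection rules."""
import hashlib
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# C2 endpoints from the extracted config on this page (botnet 22202).
DRIDEX_C2 = {
    ("155.138.203.91", 443),
    ("207.180.220.242", 8116),
    ("46.101.142.214", 6891),
}

# Hashes of the analysed file, as listed on this page.
SAMPLE_HASHES = {
    "md5": "af32e0c03835e1d21cb9c23dffb94198",
    "sha1": "ab7f8557a2d75c313f79ae3f0a4d090d74ba30d1",
    "sha256": "deb17df5c51fdea65b3d342426ab48560633ead10438762c9baec0aebecf2ad4",
}


@dataclass(frozen=True)
class ConnHit:
    ts: str
    src: str
    dst: str
    dport: int


def parse_conn_line(line: str) -> Optional[Tuple[str, str, str, int]]:
    """Parse one record of the assumed format: ts src sport dst dport proto.

    This is a trimmed, whitespace-separated layout constructed for the example;
    it is not Zeek's real conn.log column set. Comment lines are skipped.
    """
    if line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) < 6:
        return None
    ts, src, _sport, dst, dport, _proto = parts[:6]
    return ts, src, dst, int(dport)


def find_c2_hits(lines: Iterable[str]) -> List[ConnHit]:
    """Return every connection whose (dst, dport) is one of the extracted C2 pairs."""
    hits = []
    for line in lines:
        rec = parse_conn_line(line)
        if rec is None:
            continue
        ts, src, dst, dport = rec
        if (dst, dport) in DRIDEX_C2:
            hits.append(ConnHit(ts, src, dst, dport))
    return hits


def hash_digests(data: bytes) -> dict:
    """Compute md5/sha1/sha256 of the given bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def matches_sample(data: bytes) -> List[str]:
    """Names of algorithms whose digest of `data` equals the page's sample hash."""
    digests = hash_digests(data)
    return sorted(name for name, h in digests.items() if h == SAMPLE_HASHES[name])


def suricata_rules(sid_base: int = 9000001) -> List[str]:
    """One Suricata alert rule per C2 pair; SIDs are assumed values in the local range."""
    rules = []
    for i, (ip, port) in enumerate(sorted(DRIDEX_C2)):
        rules.append(
            f"alert tcp $HOME_NET any -> {ip} {port} "
            f'(msg:"Dridex botnet 22202 C2 {ip}:{port}"; flow:to_server; '
            f"classtype:trojan-activity; sid:{sid_base + i}; rev:1;)"
        )
    return rules


# Constructed sample log lines for the example (not from the sandbox run).
# The fourth line hits a C2 address on a port the config does not list.
SAMPLE_LOG = """\
# ts src sport dst dport proto
1634812800.1 10.0.0.5 49211 93.184.216.34 443 tcp
1634812801.4 10.0.0.5 49212 155.138.203.91 443 tcp
1634812802.9 10.0.0.7 49213 207.180.220.242 8116 tcp
1634812803.2 10.0.0.7 49214 207.180.220.242 443 tcp
1634812805.0 10.0.0.9 49215 46.101.142.214 6891 tcp
"""

if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_LOG.splitlines()):
        print(f"{hit.ts} {hit.src} -> {hit.dst}:{hit.dport}  DRIDEX C2")
    print("\n".join(suricata_rules()))
    print("hash matches:", matches_sample(b"not the sample"))
```

The matcher keys on the exact ip:port pair because that is what the config lists; the constructed line to 207.180.220.242:443 therefore does not fire. If the infrastructure is known to be dedicated, matching on destination IP alone is the broader and usually safer choice for hunting, at the cost of more triage when the address is later reused.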

Targets

    • Target

      8_System.ServiceModel.Channels.ni.dll

    • Size

      180KB

    • MD5

      af32e0c03835e1d21cb9c23dffb94198

    • SHA1

      ab7f8557a2d75c313f79ae3f0a4d090d74ba30d1

    • SHA256

      deb17df5c51fdea65b3d342426ab48560633ead10438762c9baec0aebecf2ad4

    • SHA512

      8d3eb4269b33514442d04b8aabe2ed173f9c6179bccf3bf8ab285ae10236b17d20564f7d5da15390da45d6a29518696f0d071eb9133d36af2048f764ea88d5e8

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex loader, both x86 and x64 builds, in memory.

MITRE ATT&CK Matrix

Tasks