dridex | hxxps://traffic[.]selfadtracker1[.]online/cryptopayself?cpm_id=428062182&cpm_cost=0[.]001 | Triage

Submit
Reports

Overview

overview

Static

static

URLScan

urlscan

https://traffic.self...

windows10_x64

Sharing

General

Target

https://traffic.selfadtracker1.online/cryptopayself?cpm_id=428062182&cpm_cost=0.001
Sample

211223-daxblaggd3

Score

10^/10

dridex 10111 botnet

Static task

static1

URLScan task

urlscan1

Sample

https://traffic.selfadtracker1.online/cryptopayself?cpm_id=428062182&cpm_cost=0.001

Behavioral task

behavioral1

Sample

https://traffic.selfadtracker1.online/cryptopayself?cpm_id=428062182&cpm_cost=0.001

Resource

win10-en-20211208

dridex 10111 botnet

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

103.70.29.165:443

202.28.80.101:7443

91.121.146.47:10443

175.126.176.79:9676

rc4.plain

rc4.plain

Targets

- Target
  
  https://traffic.selfadtracker1.online/cryptopayself?cpm_id=428062182&cpm_cost=0.001
Score

10^/10

dridex 10111 botnet
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Blocklisted process makes network request
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

urlscan1

behavioral1

dridex10111botnet

© 2018-2024

Terms | Privacy