dridex | 4d21115441459063cf8403f94d3bb37201666be30622cb2cb4e2ffb32827192f | Triage

Submit
Reports

Overview

overview

Static

static

Results12232021.xls

windows7_x64

Results12232021.xls

windows10_x64

6

Sharing

General

Target

Results12232021.xls
Size

414KB
Sample

211223-te3beaabd2
MD5

8d1d1df2277e8730eee7de7fe28f60e1
SHA1

773b3ff48428bdacf2afeb7fc9fd1261a2e0591c
SHA256

4d21115441459063cf8403f94d3bb37201666be30622cb2cb4e2ffb32827192f
SHA512

5f2f3d4b9295171dbbf246e2e6e23d07fa189bc7e3681ffd9c2778e3fef99621bf8f3b0a4c1d70061d6e06ec27f2c38151ccb4ba83b111bfe8051ca045834b76

Score

10^/10

dridex 22201 botnet loader

Static task

static1

Behavioral task

behavioral1

Sample

Results12232021.xls

Resource

win7-en-20211208

dridex 22201 botnet loader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Results12232021.xls

Resource

win10-en-20211208

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

144.91.122.102:443

85.10.248.28:593

185.4.135.27:5228

80.211.3.13:8116

rc4.plain

rc4.plain

Targets

- Target
  
  Results12232021.xls
- Size
  
  414KB
- MD5
  
  8d1d1df2277e8730eee7de7fe28f60e1
- SHA1
  
  773b3ff48428bdacf2afeb7fc9fd1261a2e0591c
- SHA256
  
  4d21115441459063cf8403f94d3bb37201666be30622cb2cb4e2ffb32827192f
- SHA512
  
  5f2f3d4b9295171dbbf246e2e6e23d07fa189bc7e3681ffd9c2778e3fef99621bf8f3b0a4c1d70061d6e06ec27f2c38151ccb4ba83b111bfe8051ca045834b76
Score

10^/10

dridex 22201 botnet loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Process spawned suspicious child process
  This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex22201botnetloader

behavioral2

© 2018-2024

Terms | Privacy