Overview

overview

10

Static

static

7dd8bbb9b9...35.dll

windows7_x64

10

7dd8bbb9b9...35.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7dd8bbb9b93ed61a35759dc69b44f1a250a8ee942cf331218918500e81ed1635

  • Size

    361KB

  • Sample

    220201-l2e6dsdbd3

  • MD5

    b48e451bae8073a323a9c6038f950734

  • SHA1

    5a7d276a64bb12b1b312c77da71360b88f793985

  • SHA256

    7dd8bbb9b93ed61a35759dc69b44f1a250a8ee942cf331218918500e81ed1635

  • SHA512

    f9f1df09cc303efe037d76e9632e1021b6033eab489a7bef290aa9d5348a18cb6dc50ebcbc08cc00a00aebdc4ce6bbed763ec601a1d08348a1934e7c4f79a03a

Score
10/10
dridex10555botnetevasionpersistencetrojan

Malware Config

Extracted

Family

dridex

Botnet

10555

C2

79.137.83.50:443

173.212.212.173:3074

80.86.81.31:3389

85.25.185.155:691
rc4.plain
rc4.plain

Targets

    • Target

      7dd8bbb9b93ed61a35759dc69b44f1a250a8ee942cf331218918500e81ed1635

    • Size

      361KB

    • MD5

      b48e451bae8073a323a9c6038f950734

    • SHA1

      5a7d276a64bb12b1b312c77da71360b88f793985

    • SHA256

      7dd8bbb9b93ed61a35759dc69b44f1a250a8ee942cf331218918500e81ed1635

    • SHA512

      f9f1df09cc303efe037d76e9632e1021b6033eab489a7bef290aa9d5348a18cb6dc50ebcbc08cc00a00aebdc4ce6bbed763ec601a1d08348a1934e7c4f79a03a

    Score
    10/10
    dridex10555botnetevasionpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Sets service image path in registry

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks