dridex | 37ebc1f52a70cf7877b89fdf4c06f51192868143b84e51fbb4c654ef331b4125 | Triage

Sharing

General

Target

37ebc1f52a70cf7877b89fdf4c06f51192868143b84e51fbb4c654ef331b4125
Size

496KB
Sample

220625-1k216afcc7
MD5

f217dcc188d4c3e14de50eb83f240dee
SHA1

d5c1344384cb867fbf5c7771956898e335c47f8a
SHA256

37ebc1f52a70cf7877b89fdf4c06f51192868143b84e51fbb4c654ef331b4125
SHA512

b6f970c33c45276a6abac302fc6367dd48bd958876583383ef830fb8adef0012fd07a854a95dd07d5d85d712e2267248c4bafdd912b49ebb450d1c191d49f861

Score

10^/10

dridex botnet

Malware Config

Extracted

Family

dridex

C2

23.226.225.152:443

178.128.20.11:3389

198.23.146.216:8443

206.189.112.148:691

Targets

- Target
  
  STI_389497438854689.vbs
- Size
  
  3.0MB
- MD5
  
  abf6e9892c2de2d0df9dc8a80f7dd4ca
- SHA1
  
  026493fb163831a7b0678bc51d851dc722d61888
- SHA256
  
  4b4d0e3e435b94705cc1d5fc24166adf2c51d5a181a0d68d4ce63ac517f2037c
- SHA512
  
  237df4beefc43d8f2c38c492f2e5223ef3782e42ee47099afeee0fa9a157649899f4533a9dc697a694a6726b55982f934a33cb1167b5255e336c89859b5f366f
Score

10^/10

dridex botnet
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2