Dridex_e9a50d650923e482ddc8bf38b029a2355d8dc804b6c19df8d41efa061df7ed99[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Dridex_e9a50d650923e482ddc8bf38b029a2355d8dc804b6c19df8d41efa061df7ed99.zip
Size

319KB
MD5

5663f39e678931366ed83ec151cd366e
SHA1

a0513ba19598488e7c571b14e990f9b8a11ee058
SHA256

66ad86f7469195bfad90f298c2642f978b9b34646bf5e1d63f2542aa638d5231
SHA512

6ae08f02f84d6d2179cc757990d6bbd8aa7eab3788d3133b069d48c847fc29ac6a45f1702a6c63b526155d66e9d8f973133b4ed92f40452a389329e6496e75f0
SSDEEP

6144:cupYQUfdHv2+RgiBFV0ZkghFjH6ogSbAGUO15lznCNNSQoL7ESukKvyV5bEBzvn:cupYQTggiBF+eIH6ogAAc5lbCLSQoL52

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

Processes:

resource	yara_rule
static1/unpack001/Dridex_e9a50d650923e482ddc8bf38b029a2355d8dc804b6c19df8d41efa061df7ed99.bin	cryptone

Files

Dridex_e9a50d650923e482ddc8bf38b029a2355d8dc804b6c19df8d41efa061df7ed99.zip
.zip

Password: test1234
Dridex_e9a50d650923e482ddc8bf38b029a2355d8dc804b6c19df8d41efa061df7ed99.bin
.exe windows x86

Password: test1234

8b6aed0801edc89a65a9693a25d53bf6

Code Sign

15:36:14:d9:54:7f:bb:46:b9:46:0d:be:60:ed:c5:b0
Certificate

Issuer

CN=ISFMXLUJNFMBVJUCQC

Not Before

25-07-2020 08:34

Not After

31-12-2039 23:59

Subject

CN=ISFMXLUJNFMBVJUCQC

Extended Key Usages

ExtKeyUsageCodeSigning

13:7c:19:d8:ba:48:69:a5:d6:2a:44:43:c8:a9:bb:59:72:ed:23:d7
Signer

Actual PE Digest

13:7c:19:d8:ba:48:69:a5:d6:2a:44:43:c8:a9:bb:59:72:ed:23:d7

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=ISFMXLUJNFMBVJUCQC

23-06-2022 17:31
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
CloseHandle
CreateMutexA
ContinueDebugEvent
ResumeThread
OutputDebugStringA
OutputDebugStringW
SetThreadContext
GetThreadContext
WaitForDebugEvent
WriteProcessMemory
UnmapViewOfFile
InitializeCriticalSection
FreeConsole
CreateThread
SuspendThread
DebugActiveProcess
SetEnvironmentVariableA
GetCurrentProcessId
MapViewOfFile
DuplicateHandle
GetCurrentProcess
CreateFileMappingA
GetVersionExA
GetProcAddress
LoadLibraryA
GetCommandLineW
GetEnvironmentVariableA
VirtualProtect
VirtualAlloc
SetLastError
ReleaseMutex
WaitForSingleObject
OpenMutexA
SetErrorMode
GetShortPathNameA
GetModuleFileNameA
GetShortPathNameW
GetModuleFileNameW
GlobalUnlock
GlobalLock
GlobalAlloc
WideCharToMultiByte
IsBadReadPtr
GlobalAddAtomA
GlobalAddAtomW
GlobalFree
GlobalGetAtomNameA
GlobalDeleteAtom
GlobalGetAtomNameW
MultiByteToWideChar
SearchPathA
GetTempPathA
GetTempPathW
GetTempFileNameA
GetTempFileNameW
GetWindowsDirectoryA
CreateFileA
GetPrivateProfileStringA
WritePrivateProfileStringA
DeleteFileA
MoveFileA
CreateProcessA
VirtualProtectEx
GetCommandLineA
SetEvent
CreateEventA
GetSystemTimeAsFileTime
ExitProcess
GetLocalTime
GetCurrentThreadId
ReadFile
GetFileSize
CompareStringA
SetEndOfFile
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
HeapSize
FreeLibrary
SetConsoleCtrlHandler
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapReAlloc
FatalAppExitA
VirtualFree
HeapCreate
HeapDestroy
GetStdHandle
WriteFile
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
CompareStringW
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCPInfo
GetDateFormatA
GetTimeFormatA
GetProcessHeap
HeapAlloc
HeapFree
IsDebuggerPresent
SetUnhandledExceptionFilter
EnterCriticalSection
ReadProcessMemory
LeaveCriticalSection
GetExitCodeProcess
GetCurrentThread
SetThreadPriority
Sleep
GetTickCount
VirtualQueryEx
GetStartupInfoA
GetModuleHandleA
UnhandledExceptionFilter
TerminateProcess
RaiseException
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
DeleteCriticalSection
GetFileAttributesA
GetFileAttributesW
GetFileAttributesExW
CreateFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileAttributesExA
GetCurrentDirectoryA
SetCurrentDirectoryA
FindClose
GetFileTime
SetFileTime
GetDiskFreeSpaceExW
GetFullPathNameW
RemoveDirectoryW
DeleteFileW
CreateDirectoryW
CreateHardLinkW
GetDiskFreeSpaceExA
GetFullPathNameA
RemoveDirectoryA
CreateDirectoryA
CreateHardLinkA
MoveFileW
CopyFileW
CopyFileA
GetFileInformationByHandle
FindFirstFileW
FindNextFileW
FindFirstFileA
FindNextFileA
LocalFree
FormatMessageA
RtlUnwind
LoadLibraryW

user32

CreateWindowExA
MessageBoxA
DispatchMessageA
BeginPaint
EndPaint
KillTimer
GetAsyncKeyState
DefDlgProcA
DrawTextA
CreateDialogParamA
RegisterClassExA
DialogBoxParamA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
GetDlgItem
ShowWindow
UpdateWindow
InSendMessage
UnpackDDElParam
FreeDDElParam
DefWindowProcW
DefWindowProcA
LoadCursorA
RegisterClassW
CreateWindowExW
RegisterClassA
CreateDialogIndirectParamA
GetWindowThreadProcessId
SendMessageW
PeekMessageA
EnumWindows
IsWindowUnicode
PackDDElParam
PostMessageW
PostMessageA
IsWindow
LoadStringA
LoadStringW
FindWindowA
DestroyWindow
GetDesktopWindow
GetSystemMetrics
MoveWindow
SendMessageA
SetPropA
EnumThreadWindows
GetPropA
WaitForInputIdle
SetTimer
GetMessageA
TranslateMessage
VkKeyScanA
GetThreadDesktop
CloseClipboard
IsCharAlphaA
GetMessagePos
GetKeyboardLayout
ShowCaret
LoadCursorFromFileW
IsClipboardFormatAvailable
IsIconic
GetWindowContextHelpId
GetSysColorBrush
GetClipboardViewer
DestroyIcon
CharLowerW
CountClipboardFormats
IsGUIThread
CharLowerA
GetKeyboardType
IsCharLowerA
GetDC
CloseWindowStation
WindowFromDC
GetProcessWindowStation
CopyIcon
CharNextA
CharUpperA
GetLastActivePopup
EndMenu
GetMessageTime
GetCapture
GetMenuCheckMarkDimensions
GetInputState
GetDlgCtrlID
GetCursor
GetListBoxInfo
IsCharLowerW
LoadCursorFromFileA

gdi32

SelectObject
BitBlt
DeleteObject
CreatePalette
CreateDCA
SelectPalette
RealizePalette
CreateDIBitmap
DeleteDC
CreateCompatibleDC
GdiGetBatchLimit
CreateMetaFileA
GetFontLanguageInfo
FillPath
GetMapMode
AbortPath
GetTextAlign
CreateSolidBrush
GetROP2
GetBkMode
EndPage
CancelDC
GetSystemPaletteUse
CloseMetaFile
StrokePath
GetColorSpace
CloseFigure
GetStockObject

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegOpenKeyA

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 368KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

g
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: test1234

Password: test1234

8b6aed0801edc89a65a9693a25d53bf6

Code Sign

15:36:14:d9:54:7f:bb:46:b9:46:0d:be:60:ed:c5:b0Certificate

Extended Key Usages

13:7c:19:d8:ba:48:69:a5:d6:2a:44:43:c8:a9:bb:59:72:ed:23:d7Signer

Signature Validations

Verification

23-06-2022 17:31 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

Sections

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 368KB - Virtual size: 368KB

.data Size: 8KB - Virtual size: 8KB

g Size: 1024B - Virtual size: 972B

.rsrc Size: 114KB - Virtual size: 114KB

15:36:14:d9:54:7f:bb:46:b9:46:0d:be:60:ed:c5:b0
Certificate

13:7c:19:d8:ba:48:69:a5:d6:2a:44:43:c8:a9:bb:59:72:ed:23:d7
Signer

23-06-2022 17:31
Valid: false

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 368KB - Virtual size: 368KB

.data
Size: 8KB - Virtual size: 8KB

g
Size: 1024B - Virtual size: 972B

.rsrc
Size: 114KB - Virtual size: 114KB