Dridex_607b61007b50f376827b01c32ce04d653fffe96e41991bf320dcb9501d83e1bc[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Dridex_607b61007b50f376827b01c32ce04d653fffe96e41991bf320dcb9501d83e1bc.zip
Size

363KB
MD5

76a80cc91d5c9282b5ddc807c596e70d
SHA1

ac628ec78b5102b1a6cf73671704371d8cad204e
SHA256

883518d49a087711bf5f08e627f6793f9cfdde5fb4ede9b7ca031a03720e2522
SHA512

f456da467b155d5fc0c4f6cdd79bba08d34e00947b167e06dbab5227c7ea07bb38de753f5ff339edf6b3852f4ceea3d004c76be5f33d36bdfead467d316a9266
SSDEEP

6144:Bsz8beCuWrgDgSe2249cNdo4nMCxJWLYoPOyPN4FnlcqrtYB8kzgY41cRfQr5kiR:BbbeCuWrgDy2gd/nMCxJMOyP6Dc2tq/y

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

Processes:

resource	yara_rule
static1/unpack001/Dridex_607b61007b50f376827b01c32ce04d653fffe96e41991bf320dcb9501d83e1bc.bin	cryptone

Files

Dridex_607b61007b50f376827b01c32ce04d653fffe96e41991bf320dcb9501d83e1bc.zip
.zip

Password: test1234
Dridex_607b61007b50f376827b01c32ce04d653fffe96e41991bf320dcb9501d83e1bc.bin
.exe windows x86

Password: test1234

076a01ac3aa2ef08320b6c2eb1d0fb39

Code Sign

75:a0:01:5c:45:58:da:79:b9:2c:56:70:7e:f9:a7:eb
Certificate

Issuer

CN=MKTBXSVOFXWHGQSSCI

Not Before

16-09-2020 12:49

Not After

31-12-2039 23:59

Subject

CN=MKTBXSVOFXWHGQSSCI

Extended Key Usages

ExtKeyUsageCodeSigning

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

01-08-2030 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:3e:8a:5b:6c:e9:cb:d2:4f:cc:9f:51:8b:fe:99:22:3e:21:0b:be
Signer

Actual PE Digest

10:3e:8a:5b:6c:e9:cb:d2:4f:cc:9f:51:8b:fe:99:22:3e:21:0b:be

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=MKTBXSVOFXWHGQSSCI

24-06-2022 16:55
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress
GetLastError
VirtualAllocEx
RaiseException

user32

LoadIconA
VkKeyScanW
SetWindowLongA
SendMessageA
IsWindow
GetWindowLongA
UnpackDDElParam
FreeDDElParam
DispatchMessageA
PeekMessageA
CloseDesktop
CloseWindowStation
GetWindow
PostQuitMessage
GetDesktopWindow
UpdateWindow
RegisterWindowMessageA
RegisterClipboardFormatA
LoadCursorA
GetClipboardFormatNameA
MessageBoxA
GetParent
RegisterClassA

gdi32

GetEnhMetaFileBits
GetStockObject

Sections

.text
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 266B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata5
Size: 555KB - Virtual size: 555KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: test1234

Password: test1234

076a01ac3aa2ef08320b6c2eb1d0fb39

Code Sign

75:a0:01:5c:45:58:da:79:b9:2c:56:70:7e:f9:a7:ebCertificate

Extended Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

10:3e:8a:5b:6c:e9:cb:d2:4f:cc:9f:51:8b:fe:99:22:3e:21:0b:beSigner

Signature Validations

Verification

24-06-2022 16:55 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Sections

.text Size: 126KB - Virtual size: 125KB

.rdata Size: 512B - Virtual size: 266B

.data Size: 122KB - Virtual size: 122KB

.rdata5 Size: 555KB - Virtual size: 555KB

.rsrc Size: 13KB - Virtual size: 13KB

75:a0:01:5c:45:58:da:79:b9:2c:56:70:7e:f9:a7:eb
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

10:3e:8a:5b:6c:e9:cb:d2:4f:cc:9f:51:8b:fe:99:22:3e:21:0b:be
Signer

24-06-2022 16:55
Valid: false

.text
Size: 126KB - Virtual size: 125KB

.rdata
Size: 512B - Virtual size: 266B

.data
Size: 122KB - Virtual size: 122KB

.rdata5
Size: 555KB - Virtual size: 555KB

.rsrc
Size: 13KB - Virtual size: 13KB