dridex | 486595b3d4455bcc21a1a2192720f7cf122ecbc875d14fe73d070698ad52e89c | Triage

Sharing

General

Target

486595b3d4455bcc21a1a2192720f7cf122ecbc875d14fe73d070698ad52e89c
Size

470KB
Sample

220714-dpqglabaem
MD5

0cd6d104607ad5536914a88f1ca0ffbd
SHA1

352de3e3268f58ba2413bb70a837494ab3e645e9
SHA256

486595b3d4455bcc21a1a2192720f7cf122ecbc875d14fe73d070698ad52e89c
SHA512

8eb0614c7f77e83189f28e559bed747237de42b8073cfdd11e69eb58ced39553ef20489e98b45f93d6797db78b4ef4efd08dd56abf2bc268326e2a17cf0b43fd

Score

10^/10

dridex botnet

Malware Config

Extracted

Family

dridex

C2

162.213.37.188:443

178.128.20.11:3389

128.199.136.72:691

87.118.70.66:8443

Targets

- Target
  
  ORC_632344671694231.vbs
- Size
  
  3.6MB
- MD5
  
  b99d97ba3b2a9b7870cce7b44c417fe3
- SHA1
  
  5f60479c72aac2800ec0f795a3c0df39b25fc8bf
- SHA256
  
  d9f78770a3888d3e00bf9bbb38220a9efbf07f340e864f595b59f58467eba764
- SHA512
  
  f595cbad293453a093632665e189aab4d022ba3131390e2f8557f80b92c38cddf07fdaac6b584ad0f3b870c80eadcda0459c232763f77b154260a62cb2e2fe4b
Score

10^/10

dridex botnet
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2