Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

8067936122.zip
Size

161KB
Sample

220922-g5v9kaeabl
MD5

4c2c7a7fa3adb382a1cb79857c41cbaa
SHA1

0a853d5bb301dfbbcd13340f1449b7970621e528
SHA256

d56ca9626b0b7984d84ee46f9b999b1e1b33a06bad2455b15663a47a271993a7
SHA512

c6f4f848001444a06d7596d3b1c887b245c1b45a3bc901ec204c04cfe8b075847d64679b2e565812d4f48090a7faa86b5e336de1f9f96347322d8eba216e82f5
SSDEEP

3072:VCRNSCFehPbf4YA6fz5TGrCtet99WAGrC5f8Pu9OSLVOiIoG:VUNSCFeAm56rCtK9NGrofqQOiIZ

Score

10^/10

dridex 22201 botnet loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

195.154.146.84:443

45.56.121.87:8116

157.245.222.44:5723

rc4.plain

rc4.plain

Targets

- Target
  
  3c4be1285b8069c2db590c1de6a77adef3198cc9c3f323aef5de73753421c2e8
- Size
  
  244KB
- MD5
  
  94395a29f0cf16cc80c2a1a4aee0d8d4
- SHA1
  
  c40574963b019d49fae4cffcefd970edf3957826
- SHA256
  
  3c4be1285b8069c2db590c1de6a77adef3198cc9c3f323aef5de73753421c2e8
- SHA512
  
  ca4fbefdfd4437f01d11545a28a3d21873f417a237a2e4a7e5c10abc2d59abbe5ffcdb146144e1c7dcfb304b9d747b119c8b1f0e72ac312c0a029cf12985d9f8
- SSDEEP
  
  3072:2EmMHLYjs2g+ciAlYDyOWIsh0pMf+66C4FxTdCU1byGkGcyXDTEXlDkr/:9rHL+tg+cGyZzheB6b4fJCwb8d0E
Score

10^/10

dridex 22201 botnet loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

dridex22201botnetloader

behavioral2

dridex22201botnetloader