Overview

overview

10

Static

static

Ref_Sept24-2020.exe

windows7-x64

10

Ref_Sept24-2020.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Ref_Sept24-2020.exe

  • Size

    734KB

  • Sample

    221226-pc8yysga9s

  • MD5

    d594e8a2098a81c9bfa24f3c17c992e6

  • SHA1

    b9c820973407c7b4bef5b9ce98b7af62cafa397d

  • SHA256

    fad001d463e892e7844040cabdcfa8f8431c07e7ef1ffd76ffbd190f49d7693d

  • SHA512

    50049d1ded3f8cfcb6aa839c0341e91bb39b46dbd5376533f2725ce27e6ae5059d3f5af71100dd025b03b7a3cf90bfa920a93818ac1bafb30c65460514c4fd47

  • SSDEEP

    12288:EY20AljdZgBPfKfi1leppjfQxAogJfqsUsz0cX0rLfGLEXTMd8MQ5B5rxVCz:Z20gPgFKLfQxAVBbIcXQGL+MWMwTrxMz

Score
10/10
dridex10555botnetevasion

Malware Config

Extracted

Family

dridex

Botnet

10555

C2

151.236.219.181:443

142.4.6.57:14043

162.144.127.197:3786

103.40.116.68:5443
rc4.plain
rc4.plain

Targets

    • Target

      Ref_Sept24-2020.exe

    • Size

      734KB

    • MD5

      d594e8a2098a81c9bfa24f3c17c992e6

    • SHA1

      b9c820973407c7b4bef5b9ce98b7af62cafa397d

    • SHA256

      fad001d463e892e7844040cabdcfa8f8431c07e7ef1ffd76ffbd190f49d7693d

    • SHA512

      50049d1ded3f8cfcb6aa839c0341e91bb39b46dbd5376533f2725ce27e6ae5059d3f5af71100dd025b03b7a3cf90bfa920a93818ac1bafb30c65460514c4fd47

    • SSDEEP

      12288:EY20AljdZgBPfKfi1leppjfQxAogJfqsUsz0cX0rLfGLEXTMd8MQ5B5rxVCz:Z20gPgFKLfQxAVBbIcXQGL+MWMwTrxMz

    Score
    10/10
    dridex10555botnetevasion

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

2
T1158

Privilege Escalation

Defense Evasion

Hidden Files and Directories

2
T1158

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks