Overview

overview

10

Static

static

1

13c5b33339...67.exe

windows7-x64

10

13c5b33339...67.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    13c5b33339522f8f96d091708e7a8a64b0939daa6225732352fbe44cb2950e67.zip

  • Size

    131KB

  • Sample

    230310-m4spyada66

  • MD5

    854e816a678239cc4ba2c2d3f197c518

  • SHA1

    48370b11c4e6b8d30114be613dede25628d16f54

  • SHA256

    cf4274091b36b7439231891e5b2268db1049442a950160302415902567867d9f

  • SHA512

    eecc10fb4acd1b44391c71f599535e4e354882c391e5fbdeb5a94609994dda982f71499597b664dc5594cfca416f8d81a31c77710573be62a1ccc9c0fcffac5e

  • SSDEEP

    3072:GHtLq7txXldO+cy5sS5uHPh9Shz/2AX7ACICsZcR2kqXlq0160IDN:qtu7GDS6XmCAX7TICsZ5lqGgDN

Score
10/10
dridexbotnetevasiontrojan

Malware Config

Extracted

Family

dridex

C2

107.191.111.143:443

91.235.129.113:443

185.16.41.224:443

Targets

    • Target

      13c5b33339522f8f96d091708e7a8a64b0939daa6225732352fbe44cb2950e67.exe

    • Size

      228KB

    • MD5

      07b0ce2dd0370392eedb0fc161c99dc7

    • SHA1

      abf30fe414f07060b95e49034f05f3e4698d71d8

    • SHA256

      13c5b33339522f8f96d091708e7a8a64b0939daa6225732352fbe44cb2950e67

    • SHA512

      cada09b81bb4d065d27b9293e5a87a04735b279f48fef22f0ea7e5c94af91798dd257d356585b3e71735e90288a364b38831071f5443a61fd29677fd4f1a907d

    • SSDEEP

      3072:2OiQhEurPRvwXXgtxshEo8bXBkAPz/oEqlDq1vnPMqDPeyw+shR39BqWk:2Oi4EQSXWxsaxhrQ5lsXwj

    Score
    10/10
    dridexbotnetevasiontrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Deletes itself

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks