Overview

overview

10

Static

static

10

The-MALWAR...ot.exe

windows7-x64

10

The-MALWAR...ot.exe

windows10-2004-x64

10

The-MALWAR...ll.exe

windows7-x64

10

The-MALWAR...ll.exe

windows10-2004-x64

10

The-MALWAR...BS.exe

windows7-x64

10

The-MALWAR...BS.exe

windows10-2004-x64

10

The-MALWAR...in.exe

windows7-x64

7

The-MALWAR...in.exe

windows10-2004-x64

7

The-MALWAR....A.exe

windows7-x64

7

The-MALWAR....A.exe

windows10-2004-x64

7

The-MALWAR....A.exe

windows7-x64

10

The-MALWAR....A.exe

windows10-2004-x64

10

The-MALWAR....A.dll

windows7-x64

7

The-MALWAR....A.dll

windows10-2004-x64

6

The-MALWAR...r.xlsm

windows7-x64

10

The-MALWAR...r.xlsm

windows10-2004-x64

10

The-MALWAR...658754

ubuntu-18.04-amd64

8

The-MALWAR...e3c0f1

ubuntu-18.04-amd64

8

The-MALWAR...b16793

ubuntu-18.04-amd64

8

The-MALWAR...9fd013

ubuntu-18.04-amd64

8

The-MALWAR...17bf0d

ubuntu-18.04-amd64

8

The-MALWAR...11b2b2

ubuntu-18.04-amd64

8

The-MALWAR...18cd3a

ubuntu-18.04-amd64

8

The-MALWAR...c0b6aa

ubuntu-18.04-amd64

8

The-MALWAR...cec74a

ubuntu-18.04-amd64

8

The-MALWAR...5211bb

ubuntu-18.04-amd64

8

The-MALWAR...b7a014

ubuntu-18.04-amd64

8

The-MALWAR...dafcbf

ubuntu-18.04-amd64

8

The-MALWAR...ecdf6f

ubuntu-18.04-amd64

8

The-MALWAR...ace289

ubuntu-18.04-amd64

8

The-MALWAR...8ea4f5

ubuntu-18.04-amd64

8

The-MALWAR...c6d281

ubuntu-18.04-amd64

8

Resubmissions

08-02-2024 01:32

240208-bx7pqsbg96 10

27-01-2024 14:19

240127-rmwgqadhc4 10

Analysis

  • max time kernel
    150s
  • max time network
    157s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    27-01-2024 14:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    The-MALWARE-Repo-master/The-MALWARE-Repo-master/Banking-Malware/Dridex/DridexDroppedVBS.exe

  • Size

    140KB

  • MD5

    925da3a10f7dde802c8d87047b14fda6

  • SHA1

    1fc59fbf692f690b9fe82cfafc9dcbd5aac31a68

  • SHA256

    c94fe7b646b681ac85756b4ce7f85f4745a7b505f1a2215ba8b58375238bad10

  • SHA512

    82588188de13f34cd751da7409f780c4fc5814da780fe8cad1fa73370414fb24b9822fc56f1f162d0db4a5c27159c225bc4d4fb061a87cb3c0d89b067353a478

  • SSDEEP

    3072:X9z9zjy6WEba5uuoLPhiVF3NT5nNpytoQE:X9J9gu0td5nN4

Score
10/10
dridexbotnet

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Deletes itself 1 IoCs
  • Discovers systems in the same network 1 TTPs 1 IoCs
    discovery
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 25 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\Dridex\DridexDroppedVBS.exe
    "C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\Dridex\DridexDroppedVBS.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1636
    • C:\Windows\SysWOW64\svchost.exe
      C:\Windows\system32\svchost.exe "C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\Dridex\DridexDroppedVBS.exe"
      2⤵
      • Deletes itself
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:284
      • C:\Windows\SysWOW64\whoami.exe
        C:\Windows\system32\whoami.exe /all
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2356
      • C:\Windows\SysWOW64\net.exe
        C:\Windows\system32\net.exe view
        3⤵
        • Discovers systems in the same network
        PID:2804

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/284-10-0x00000000001C0000-0x00000000001E4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/284-2-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/284-5-0x0000000075180000-0x0000000075290000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/284-7-0x00000000001C0000-0x00000000001E4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/284-6-0x00000000001C0000-0x00000000001E4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/284-9-0x00000000001C0000-0x00000000001E4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/284-8-0x00000000001C0000-0x00000000001E4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/284-11-0x0000000000110000-0x0000000000116000-memory.dmp

    Filesize

    24KB

    Download

  • memory/284-12-0x00000000001C0000-0x00000000001E4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/284-25-0x0000000075180000-0x0000000075290000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1636-0-0x0000000000300000-0x0000000000324000-memory.dmp

    Filesize

    144KB

    Download

  • memory/1636-4-0x0000000000300000-0x0000000000324000-memory.dmp

    Filesize

    144KB

    Download

  • memory/1636-1-0x0000000000130000-0x0000000000136000-memory.dmp

    Filesize

    24KB

    Download