dridex | 5300cf76e5fd796286018c6f6a1c0cd470cc81e74691642613361839c1949fb1

General

Target

5300cf76e5fd796286018c6f6a1c0cd470cc81e74691642613361839c1949fb1
Size

86KB
MD5

391f0a882881d32c218f2e56aeb983dd
SHA1

2aa1ad36b1cd9dbe3fe98b0e5cc18fb5a3afabb9
SHA256

5300cf76e5fd796286018c6f6a1c0cd470cc81e74691642613361839c1949fb1
SHA512

c62900aa469f88cbe5a9535382d97e787dd723e96e6ec8c3272b78d7ace501516f82e7546126d50ef0106f688c0abbb87747fb276ec43cf40523a6fa2d86e450
SSDEEP

1536:VrHBIvOhBhjs4+8GJ0VHFB/rIhvIIH8oG2uwF9G+pnbj7R++21cxjS4Yn:lHBnjbhbNrmvHHB8+dbnQ+21cgJn

Score

10^/10

40400 dridex

Malware Config

Extracted

Family

dridex

Botnet

40400

C2

132.255.244.130:443

111.67.77.202:3389

198.50.236.57:443

45.122.223.13:8443

rc4.plain

Signatures

Dridex family
dridex

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/a16fce2955ac93ba1e3b7fff5755b943601260d5574d1165e8592f3a2caf109a.exe

Files

5300cf76e5fd796286018c6f6a1c0cd470cc81e74691642613361839c1949fb1
.zip

Password: infected
a16fce2955ac93ba1e3b7fff5755b943601260d5574d1165e8592f3a2caf109a.exe
.exe windows:5 windows x86 arch:x86

eb76140cc31cd615e218e51dbcad0a7b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeConsole
ExitProcess
GetComputerNameW
AddVectoredExceptionHandler
OutputDebugStringW
Sleep

advapi32

GetUserNameW

Exports

Exports

DllUnregisterServer

Sections

.text
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

eb76140cc31cd615e218e51dbcad0a7b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 132KB - Virtual size: 132KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 132KB - Virtual size: 132KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB