Overview

overview

10

Static

static

3

fqvzp6.jpg.dll

windows7-x64

10

fqvzp6.jpg.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fqvzp6.jpg.malware

  • Size

    664KB

  • Sample

    240506-v14xsseh64

  • MD5

    0657afb2f41c9b824c4fbf1a9978bdd8

  • SHA1

    ec4a90033667f7ee43df69a56ffe0ef92aecf0fe

  • SHA256

    498f8701127ca96742a9a634e0ac939dcbc05167e8799e61d8c93de51cda335c

  • SHA512

    2da96c02dbee1812b827d0588400fc34db2fe7a3d48af19860476c912343425af7d35e651a73031c5c7b8a9a785dfbd6f65d4eaf4cb0c7afbfedc15d121cba2a

  • SSDEEP

    12288:k/0Qzqf0evi48TM+6TFKywVt6PbEYU0eyJTT/Mu9oV01unoaEP:i0zhvQn6TFKywvCbEOxDMu9oyRaEP

Score
10/10
dridex10222botnetdiscoveryevasiontrojan

Malware Config

Extracted

Family

dridex

Botnet

10222

C2

174.128.245.202:443

51.83.3.52:13786

69.64.50.41:6602
rc4.plain
rc4.plain

Targets

    • Target

      fqvzp6.jpg.malware

    • Size

      664KB

    • MD5

      0657afb2f41c9b824c4fbf1a9978bdd8

    • SHA1

      ec4a90033667f7ee43df69a56ffe0ef92aecf0fe

    • SHA256

      498f8701127ca96742a9a634e0ac939dcbc05167e8799e61d8c93de51cda335c

    • SHA512

      2da96c02dbee1812b827d0588400fc34db2fe7a3d48af19860476c912343425af7d35e651a73031c5c7b8a9a785dfbd6f65d4eaf4cb0c7afbfedc15d121cba2a

    • SSDEEP

      12288:k/0Qzqf0evi48TM+6TFKywVt6PbEYU0eyJTT/Mu9oV01unoaEP:i0zhvQn6TFKywvCbEOxDMu9oyRaEP

    Score
    10/10
    dridex10222botnetdiscoveryevasiontrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks