
General

  • Target

    necurs

  • Size

    1008KB

  • Sample

    240708-wc1qxatbmg

  • MD5

    6e05e84c7a993880409d7a0324c10e74

  • SHA1

    4cac8146d54c5e47ec1c31a04c3cafdec9fbf209

  • SHA256

    ffb1150bbb28d53f325b00445be935cd657c1d8061ba73e91af5b343b6c0d438

  • SHA512

    4a4fa48ce31abea8cab4ca176f9d5be4b1b9b9c45c574f2e3605eaf04fd2fbd3da37d464300b2954623b0b9d377cff0a47d082b7fc1cc82a6d3eeab87555d43a

  • SSDEEP

    24576:XiB1Q0SPpqqUGB9Qe5k04Q9RGuRUEy3FKEdeybpk/w:XJ/PMq3B9Qet1pyVbNbGo

Malware Config

Extracted

Family

dridex

C2

0.79.198.234:6811

59.14.232.108:13510

153.85.116.88:34145

109.165.79.26:57028

3.48.31.250:32970

198.99.233.8:64668

4.144.183.219:57415

170.9.63.116:12621

82.190.146.50:8956

110.106.233.26:61144

231.170.120.138:36240

104.89.112.76:49715

14.217.137.57:20854

108.38.229.252:62814

53.121.3.237:39876

97.219.18.138:20575

120.178.203.178:46408

220.127.249.215:18420

172.217.87.204:28067

175.53.142.26:45560
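The C2 list above is only useful once it has been turned into something a sensor or a hunt can consume, and Dridex configurations are known to carry padding entries: two of the addresses on this page fall in ranges that can never be reached from a host (0.79.198.234 in 0.0.0.0/8, 231.170.120.138 in the 224.0.0.0/4 multicast block), and the rest are not necessarily dedicated infrastructure, so matching on the IP and port pair rather than the IP alone keeps false positives down. The script below is an added example, not tria.ge code: it parses a constructed copy of this page's config block, drops non-routable entries, emits one Suricata rule per remaining pair, and checks constructed log lines for contact. The log line format, the rule message text and the 9000000 SID range are assumptions.

```python
"""Vet the Dridex C2 list from a sandbox report and turn it into detection content.

Added example, not tria.ge code. REPORT is a constructed copy of this page's
"Malware Config" C2 block; LOG_LINES are constructed, not captured traffic.
"""
import ipaddress
import re

REPORT = """\
0.79.198.234:6811
59.14.232.108:13510
153.85.116.88:34145
109.165.79.26:57028
3.48.31.250:32970
198.99.233.8:64668
4.144.183.219:57415
170.9.63.116:12621
82.190.146.50:8956
110.106.233.26:61144
231.170.120.138:36240
104.89.112.76:49715
14.217.137.57:20854
108.38.229.252:62814
53.121.3.237:39876
97.219.18.138:20575
120.178.203.178:46408
220.127.249.215:18420
172.217.87.204:28067
175.53.142.26:45560
"""

# Constructed log lines in an assumed "<ts> <src> -> <dst> <flags>" layout.
LOG_LINES = [
    "2024-07-08T10:22:13Z 10.0.0.5:49832 -> 172.217.87.204:443 SYN",   # C2 IP, wrong port: no hit
    "2024-07-08T10:22:14Z 10.0.0.5:49833 -> 59.14.232.108:13510 SYN",  # hit
    "2024-07-08T10:22:15Z 10.0.0.7:49901 -> 0.79.198.234:6811 SYN",    # non-routable entry: dropped
    "2024-07-08T10:22:16Z 10.0.0.9:50012 -> 14.217.137.57:20854 SYN",  # hit
]

C2_LINE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")
LOG_DST = re.compile(r"->\s+(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\b")

# Ranges no enterprise host can reach as a server; a config entry inside one is padding.
NOT_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]


def parse_c2(text: str) -> list:
    """Return (ip, port) pairs from the report's C2 block, in page order."""
    pairs = []
    for line in text.splitlines():
        m = C2_LINE.match(line.strip())
        if not m:
            continue
        ip, port = m.group(1), int(m.group(2))
        ipaddress.ip_address(ip)  # raises ValueError on an octet above 255
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range in {line!r}")
        pairs.append((ip, port))
    return pairs


def is_routable(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in NOT_ROUTABLE)


def vet(pairs: list) -> tuple:
    """Split config entries into usable indicators and non-routable padding."""
    usable = [p for p in pairs if is_routable(p[0])]
    flagged = [p for p in pairs if not is_routable(p[0])]
    return usable, flagged


def suricata_rules(pairs: list, base_sid: int = 9_000_000) -> list:
    """One rule per ip:port pair; base_sid is an assumed local SID range."""
    return [
        f'alert tcp $HOME_NET any -> {ip} {port} '
        f'(msg:"MALWARE Dridex C2 {ip}:{port} (tria.ge 240708-wc1qxatbmg)"; '
        f'flow:to_server; classtype:trojan-activity; sid:{base_sid + i}; rev:1;)'
        for i, (ip, port) in enumerate(pairs)
    ]


def scan_log(lines: list, pairs: list) -> list:
    """Return lines whose destination matches a C2 entry on both ip and port."""
    wanted = set(pairs)
    hits = []
    for line in lines:
        m = LOG_DST.search(line)
        if m and (m.group(1), int(m.group(2))) in wanted:
            hits.append(line)
    return hits


if __name__ == "__main__":
    usable, flagged = vet(parse_c2(REPORT))
    for ip, port in flagged:
        print(f"dropping non-routable config entry {ip}:{port}")
    print("\n".join(suricata_rules(usable)))
    for hit in scan_log(LOG_LINES, usable):
        print("C2 contact:", hit)
```

Matching on the pair rather than the address is deliberate: the same host talking to 172.217.87.204 on 443 is not evidence of Dridex, while 172.217.87.204:28067 is. The dropped entries are still worth keeping in the case notes, since their presence is itself a hint that the config carries filler.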

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing banking credentials.

    • Dridex Loader

      Detects the Dridex loader, both x86 and x64 builds, in memory.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks