General

  • Target

    LisectAVT_2403002B_159.dll

  • Size

    188KB

  • Sample

    240725-bb4e7axhql

  • MD5

    9bae6b37c68fccca453e2dd0f33b113d

  • SHA1

    aaf2b005c2a21abe4c5b8bf029eea2afee2d5549

  • SHA256

    056cdb544f37d5bd97e9d78d6afdd23279681ca849e25d377b6a04f5da8108e0

  • SHA512

    0730cf11d0bc99a491e945fd181223bb40b0128fe042ca0b999f742b18eaeafe0c4fb640f4fb178fdc594358fe16c50d89fbe03355983577b9009cc19b42a3ef

  • SSDEEP

    3072:1hkmmmmmmmmmJJ+uMK7pq+N2B5mZS7kmmmmmmmmmpAmcZfwxb603tfNiwcD7Nxmo:16mmmmmmmmmj+uMAMY2B5mZS7kmmmmmR

Malware Config

Extracted

Family

dridex

Botnet

111

C2

209.151.236.42:443

91.121.94.86:8172

5.189.144.136:6516

rc4.plain

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex loader, both x86 and x64 variants, in memory.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks