General

  • Target

    90eaea5654f4d01c08962f961d5893ac.zip

  • Size

    398KB

  • Sample

    240831-eax4katgrm

  • MD5

    47536649524545a233772946f70fa667

  • SHA1

    d3ecd292c057532465bcae97fc15bc17422d635e

  • SHA256

    55ea2035ed3aa0a5fe5ddb1cff3c9fd8e4f0225582317f14805b68fab00b9762

  • SHA512

    071a7254c071ff2328568fb94f51a421ce904409ee23bd7360deaee103a800bf851fcfb3823b8b7922f74bca99d1d3a5f4e905699e49efa5f59a90c0cedcc273

  • SSDEEP

    12288:UUe6DHQrISNhpIQPkmYNdDTBBYZFAj1lY:UUeQwZNHIwY/pBWehlY

Malware Config

Extracted

Family

dridex

Botnet

10222

C2

174.128.245.202:443

51.83.3.52:13786

69.64.50.41:6602

rc4.plain

Targets

    • Target

      dc2670f1082f73b5fae07b86e8c35433ef505ce3de34a7a2039f27533139335a

    • Size

      620KB

    • MD5

      90eaea5654f4d01c08962f961d5893ac

    • SHA1

      dce184b083d8776a3ec54a2dd2ae7ccbddf7f07e

    • SHA256

      dc2670f1082f73b5fae07b86e8c35433ef505ce3de34a7a2039f27533139335a

    • SHA512

      05bc5474f5246b70e604ec616e3969b1de1573693e98c72e240ed72e95825315ba83e27302f19f6e2b460dc925c9e702985ec057e9a9f808fd1c3f9fe3f78ecb

    • SSDEEP

      12288:0E6rSil4Pbs3j09TMmonCh5atbz9+eoQoUZpDd7Da1nX9y1WO/zFZxm:6e3Q3j0dMZnCutz4zI5xDwXUAms

    • Dridex

      Dridex (known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks