Overview

overview

10

Static

static

3

dde26caf50...8a.dll

windows7-x64

10

dde26caf50...8a.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cc540423c30b8ddc7558d0d6f50d30f1.zip

  • Size

    391KB

  • Sample

    240901-h4x77svcnp

  • MD5

    e4fb344e7a6de017594a3ebfaa8db96c

  • SHA1

    da09d29700ea8f185bfc2d6e8e04ba85c241a7e1

  • SHA256

    abcb5f6c8333cd8021a6a43c14cf1cfaaa8f8f7348aa352e09ea763e6c0d84d6

  • SHA512

    b16f09c63fe98f7489ce3b094b6d5ef2cafc5f2d064d7537b0dfc78c05ab601b18b0a090f49e86057f524ef72a1468bc483e0268ebdc593ea886dfefafd64ac8

  • SSDEEP

    12288:RqBGuYEcArsfLXIbSKjm9lB/7q+giDzsHL2/u1KwE:0FIkPMldLginsHLn19E

Score
10/10
dridex10444botnetdiscoveryevasiontrojan

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

174.128.245.202:443

51.83.3.52:13786

69.64.50.41:6602
rc4.plain
rc4.plain

Targets

    • Target

      dde26caf508d4f91f3ff5f1cb151d3031fae1474ef9d8db5cd48d8df334c098a

    • Size

      608KB

    • MD5

      cc540423c30b8ddc7558d0d6f50d30f1

    • SHA1

      1ee21a99fcf19663978cdadb8d44b899e42fd642

    • SHA256

      dde26caf508d4f91f3ff5f1cb151d3031fae1474ef9d8db5cd48d8df334c098a

    • SHA512

      3d9cb78581f5a1d0f51bac7513c9287c66fb6371f639bc71f3e02470132e164697afb3ec941d88859450b58df292a16b83b81a6436d4bd9ff11c0646354a1d0d

    • SSDEEP

      12288:gZGQdqOG+oJqydLqQSeCqsVK8kPRGO35N9mV4zXc6V:gZ0DWjeCVVK8kP9N9oE/

    Score
    10/10
    dridex10444botnetdiscoveryevasiontrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks