General

  • Target

    9204f297656515a422d2d6403d26115f.zip

  • Size

    423KB

  • Sample

    240901-jev7zsvhqg

  • MD5

    f346a97aebeab45d6b6a1db1de6348cb

  • SHA1

    ddeca9f93edc0d56619d69cc64640d86dc3963ad

  • SHA256

    7c7c0158381f683d35c703adbd32ba33ff810585aff38a5888be8b235b772a46

  • SHA512

    642030267a024b48546cb0427575bf5fb155a0a7c88810ac49d906aad258673503a236314a058971f886f126681bf43aa00d86ade481a41b5b6859df4d1434d6

  • SSDEEP

    12288:mBwxJ8t1sg3bs0UPqwCHX5Uf+W9skBum2vFODpOFrwYb9Dd:mBwxmkg3brUY8+W9skBumOODhYhZ

Malware Config

Extracted

Family

dridex

Botnet

10222

C2

174.128.245.202:443

51.83.3.52:13786

69.64.50.41:6602

rc4.plain
rc4.plain

Targets

    • Target

      66562be2e93162d4f91c9c6fa7a79c7dc270eda727488eada10a24b6c23dd62d

    • Size

      664KB

    • MD5

      9204f297656515a422d2d6403d26115f

    • SHA1

      7b0bfe9bba9c133fd455f60c7d0627bbc9d9c2a6

    • SHA256

      66562be2e93162d4f91c9c6fa7a79c7dc270eda727488eada10a24b6c23dd62d

    • SHA512

      406c8f49086b35dea2ed9eb42ec29c5fb468dc317369c3d19a4e2206714e04c574006f50d8edef8b9ebb60d642c7b2059aed51b9a9cc41d717e42572e465c0de

    • SSDEEP

      12288:q/0Qzqf0e7i489M+6TFKywVt6PbEYU0eyJTT/Mu9oV01u9oaEPu:g0zh7yn6TFKywvCbEOxDMu9oyfaEPu

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing online banking credentials.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled
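To turn the extracted configuration and file hashes above into something a SOC can act on, here is an added example (not part of the sandbox report) that loads the three C2 endpoints and the two SHA256 values from this page and matches them against proxy log lines. The log format, the log lines themselves and the internal source addresses are constructed for illustration; the indicators are copied verbatim from the report.

```python
"""IOC matcher for the Dridex botnet 10222 indicators listed on this page.

Added example, not part of the sandbox report. Indicators are copied from
the report; the log format and log lines are constructed.
"""
import hashlib
import ipaddress
import re

# Extracted C2 endpoints from the report, as "ip:port" strings.
DRIDEX_C2 = [
    "174.128.245.202:443",
    "51.83.3.52:13786",
    "69.64.50.41:6602",
]

# SHA256 of the submitted archive and of the extracted 664KB payload.
KNOWN_SHA256 = {
    "7c7c0158381f683d35c703adbd32ba33ff810585aff38a5888be8b235b772a46":
        "9204f297656515a422d2d6403d26115f.zip",
    "66562be2e93162d4f91c9c6fa7a79c7dc270eda727488eada10a24b6c23dd62d":
        "dridex payload (664KB)",
}


def parse_c2(entries):
    """Return a set of (ip, port) tuples, rejecting malformed entries."""
    out = set()
    for entry in entries:
        host, _, port = entry.rpartition(":")
        ip = ipaddress.ip_address(host)  # raises ValueError on a bad address
        out.add((str(ip), int(port)))
    return out


# Constructed proxy log format: "<ts> <src_ip> -> <dst_ip>:<dst_port> <action>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>[^:\s]+):(?P<port>\d+) (?P<rest>.*)$"
)


def match_log(lines, c2=None):
    """Return (ts, src, dst, port) for each line whose destination is a C2.

    Matching is on the exact ip:port pair, so 51.83.3.52:443 does not hit;
    Dridex C2 on non-standard ports makes the port part of the indicator.
    Lines that do not parse are skipped rather than raising.
    """
    c2 = parse_c2(DRIDEX_C2) if c2 is None else c2
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        key = (m["dst"], int(m["port"]))
        if key in c2:
            hits.append((m["ts"], m["src"], m["dst"], int(m["port"])))
    return hits


def match_hash(data: bytes):
    """SHA256 the given bytes and name the known artefact they match, if any."""
    return KNOWN_SHA256.get(hashlib.sha256(data).hexdigest())


# Constructed log lines; 203.0.113.5 is a documentation address used as benign traffic.
SAMPLE_LOG = [
    "2024-09-01T09:03:11Z 10.0.0.15 -> 174.128.245.202:443 CONNECT",
    "2024-09-01T09:03:12Z 10.0.0.15 -> 203.0.113.5:443 CONNECT",
    "2024-09-01T09:04:02Z 10.0.0.22 -> 51.83.3.52:13786 CONNECT",
    "2024-09-01T09:04:05Z 10.0.0.22 -> 51.83.3.52:443 CONNECT",
    "malformed line that should be skipped",
]

if __name__ == "__main__":
    for hit in match_log(SAMPLE_LOG):
        print("C2 contact:", hit)
    print("hash match:", match_hash(b"not the sample"))
```

Exact ip:port matching keeps the false-positive rate down for the port-443 entry; if the IP alone is considered sufficient evidence for your environment, drop the port from the key in `parse_c2` and `match_log`.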

MITRE ATT&CK Enterprise v15

Tasks