Overview

overview

10

Static

static

1

abc.txt

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    abc.txt

  • Size

    26B

  • Sample

    241230-r3cpjsxmhl

  • MD5

    77ec9122c07d50702533f30c31bf1216

  • SHA1

    865d4c2651033ae7dde69c77012a6e3875fe88fa

  • SHA256

    d997a546378df1ac4b47a2836b5cb6dfcfbaf10c4298165928237112f2d6cb27

  • SHA512

    8c434e5fb0b0427e50154804b01c6e53ebdad2a5fecd551c84bcecb8147c52cfa18bb9a6f2890ffa3df5a7f28d9a1273cd3c9662a6e8d6c7d42cde503c00a715

Score
10/10
dridex40400botnetdefense_evasiondiscoverypersistence

Malware Config

Extracted

Family

dridex

Botnet

40400

C2

132.255.244.130:443

111.67.77.202:3389

198.50.236.57:443

45.122.223.13:8443
rc4.plain
rc4.plain

Targets

    • Target

      abc.txt

    • Size

      26B

    • MD5

      77ec9122c07d50702533f30c31bf1216

    • SHA1

      865d4c2651033ae7dde69c77012a6e3875fe88fa

    • SHA256

      d997a546378df1ac4b47a2836b5cb6dfcfbaf10c4298165928237112f2d6cb27

    • SHA512

      8c434e5fb0b0427e50154804b01c6e53ebdad2a5fecd551c84bcecb8147c52cfa18bb9a6f2890ffa3df5a7f28d9a1273cd3c9662a6e8d6c7d42cde503c00a715

    Score
    10/10
    dridex40400botnetdefense_evasiondiscoverypersistence

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex family

      dridex

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

      persistence

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks