dridex

General

Target

697c71ffceec34fafacc4a15b6f4a85b137d0eb1cd7411f550d783cbd61a2c53
Size

304KB
Sample

250227-2xjk1ssvdv
MD5

25b19079474809996db957d94cfedca7
SHA1

aa1e7dd98ba2741c493afe70880a2a546c88e701
SHA256

697c71ffceec34fafacc4a15b6f4a85b137d0eb1cd7411f550d783cbd61a2c53
SHA512

266a5b958765bc01feb3e6d2cb15c5299ce2369fbbc70e48a73b0bd43faa84180fed7e91063b27cd3f488181ff6a46b533ac21a1f2729a8395b06b751bcadf3a
SSDEEP

6144:fqWuU/QvBeWgUCFWK9vL5ipw99NaML6EzReGbfUTpYDDmu/+3fbE:CoQRQF7BcyvN87G+pG/YE

Score

10^/10

Malware Config

Extracted

Family

dridex

Botnet

40400

C2

192.175.111.220:443

192.99.41.136:981

198.27.69.201:4643

198.20.228.10:3389

rc4.plain

Targets

- Target
  
  697c71ffceec34fafacc4a15b6f4a85b137d0eb1cd7411f550d783cbd61a2c53
- Size
  
  304KB
- MD5
  
  25b19079474809996db957d94cfedca7
- SHA1
  
  aa1e7dd98ba2741c493afe70880a2a546c88e701
- SHA256
  
  697c71ffceec34fafacc4a15b6f4a85b137d0eb1cd7411f550d783cbd61a2c53
- SHA512
  
  266a5b958765bc01feb3e6d2cb15c5299ce2369fbbc70e48a73b0bd43faa84180fed7e91063b27cd3f488181ff6a46b533ac21a1f2729a8395b06b751bcadf3a
- SSDEEP
  
  6144:fqWuU/QvBeWgUCFWK9vL5ipw99NaML6EzReGbfUTpYDDmu/+3fbE:CoQRQF7BcyvN87G+pG/YE
Score

10^/10

dridex ramnit 40400 banker botnet discovery spyware stealer trojan upx worm
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Dridex family

Ramnit

Ramnit family

Executes dropped EXE

Loads dropped DLL

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2