dridex | ee492eda053d19e082cd88acef8825e8dfd4616d51689e2e9667f5ed9035b1df | Triage

Submit
Reports

Overview

overview

Static

static

Amazon_eGi...14.scr

windows7_x64

Amazon_eGi...14.scr

windows10_x64

Sharing

General

Target

Amazon_eGift-Card_579366314.scr
Size

905KB
Sample

201126-r8q2v9e7s6
MD5

e3c73316a5a270a82f24e56ec0f62e0e
SHA1

a8adc02637c62262e02f0097222cda0cd2aef013
SHA256

ee492eda053d19e082cd88acef8825e8dfd4616d51689e2e9667f5ed9035b1df
SHA512

b5079ed75843810c30d8c9e947917f9968f3930a7a7ca9b70f0ca22804aa2b29dbeb57c0eee18b94376817949b793ba74a64813fcd52a9e8f30660e4833ea6c5

Score

10^/10

dridex 10555 botnet evasion loader ransomware

Static task

static1

Behavioral task

behavioral1

Sample

Amazon_eGift-Card_579366314.scr

Resource

win7v20201028

dridex 10555 botnet evasion loader ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Amazon_eGift-Card_579366314.scr

Resource

win10v20201028

dridex 10555 botnet evasion loader ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

dridex

Botnet

10555

C2

194.225.58.216:443

178.254.40.132:691

216.172.165.70:3889

198.57.200.100:3786

rc4.plain

rc4.plain

Targets

- Target
  
  Amazon_eGift-Card_579366314.scr
- Size
  
  905KB
- MD5
  
  e3c73316a5a270a82f24e56ec0f62e0e
- SHA1
  
  a8adc02637c62262e02f0097222cda0cd2aef013
- SHA256
  
  ee492eda053d19e082cd88acef8825e8dfd4616d51689e2e9667f5ed9035b1df
- SHA512
  
  b5079ed75843810c30d8c9e947917f9968f3930a7a7ca9b70f0ca22804aa2b29dbeb57c0eee18b94376817949b793ba74a64813fcd52a9e8f30660e4833ea6c5
Score

10^/10

dridex 10555 botnet evasion loader ransomware
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Loads dropped DLL
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex10555botnetevasionloaderransomware

behavioral2

dridex10555botnetevasionloaderransomware

© 2018-2024

Terms | Privacy