General
-
Target
40425d09e54ff26289dd074649f0cad9
-
Size
711KB
-
Sample
210714-gynznarqsn
-
MD5
40425d09e54ff26289dd074649f0cad9
-
SHA1
ae7e4df26092d9acf01b732c8144f0170ccc6556
-
SHA256
6f8f1b26324ea0f3f566fbdcb4a61eb92d054ccf0300c52b3549c774056b8f02
-
SHA512
db62ee5908d05d96ca63a852880f79b8ad584d4d7490543e50801d2dcdbb62faab3f311263b14e0ce6e0f6d349be94953dd0d532992739ca71684ad7f4f8dfb7
Malware Config
Extracted
dridex
22202
202.29.60.34:443
66.175.217.172:13786
78.46.78.42:9043
Targets
-
-
Target
40425d09e54ff26289dd074649f0cad9
-
Size
711KB
-
MD5
40425d09e54ff26289dd074649f0cad9
-
SHA1
ae7e4df26092d9acf01b732c8144f0170ccc6556
-
SHA256
6f8f1b26324ea0f3f566fbdcb4a61eb92d054ccf0300c52b3549c774056b8f02
-
SHA512
db62ee5908d05d96ca63a852880f79b8ad584d4d7490543e50801d2dcdbb62faab3f311263b14e0ce6e0f6d349be94953dd0d532992739ca71684ad7f4f8dfb7
Score10/10-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Dridex Loader
Detects Dridex both x86 and x64 loader in memory.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks whether UAC is enabled
-