WinNT/Cridex (alias Dridex, Drixed)

#10493 by sugar
Wed Dec 21, 2011 12:03 pm

hello, i'm looking for acdd4c2a377933d89139b5ee6eefc464

Username

sugar

Posts

12

Joined

Sat Jul 30, 2011 10:33 am

Re: Malware Requests

#10510 by EP_X0FF
Thu Dec 22, 2011 7:26 am

sugar wrote:hello, i'm looking for acdd4c2a377933d89139b5ee6eefc464

This is Cridex.

Attachments

17.rar

pass: malware
(81.85 KiB) Downloaded 280 times

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Worm:Win32/Cridex.B

#10757 by rkhunter
Tue Jan 03, 2012 9:16 am

http://www.microsoft.com/security/porta ... 2147649733

Cridex

VT (22/43 >> 51.2%)

Seems this is Cridex too, but it detected as not Cridex by all (ZBot, VirTool)...look VT link (probably this is muldrop)

VT (22/43) >> 51.2%)

Attachments

E990DFD229BD6C6EE29BE0391B415CC4.7z

pass:malware
(76.15 KiB) Downloaded 188 times

C74B0BA90A7085D75C7E7873CACEB0AB.7z

pass:malware
(58.01 KiB) Downloaded 159 times

Username

rkhunter

Posts

1156

Joined

Mon Mar 15, 2010 12:51 pm

Location

Russian Federation

Contact

Re: Worm:Win32/Cridex.B

#10758 by EP_X0FF
Tue Jan 03, 2012 10:05 am

rkhunter wrote:Seems this is Cridex too, but it detected as not Cridex by all (ZBot, VirTool)...look VT link (probably this is muldrop)

Yes it is Cridex.B too (http://www.virustotal.com/file-scan/rep ... 1325584240)

VirTool:Win32/VBInject because of crypter that has VB origin, with CreateProcess(CREATE_SUSPENDED)/NtWriteVirtualMemory/NtSetContextThread/NtResumeThread.

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: Worm:Win32/Cridex.B

#10809 by rkhunter
Thu Jan 05, 2012 3:14 am

Two more Cridex droppers.

VT (3/43 >> 7.0%)

VT (26/43 >> 60.5%)
Under VBCrypt/VBInject.

Attachments

AC3E60BFED664DE6C17B0D11688ADC3B.7z

(58.65 KiB) Downloaded 149 times

71391281F30117266ECD4F083EE81710.7z

pass:malware
(67.07 KiB) Downloaded 144 times

Username

rkhunter

Posts

1156

Joined

Mon Mar 15, 2010 12:51 pm

Location

Russian Federation

Contact

Re: Worm:Win32/Cridex.B

#11024 by rkhunter
Sat Jan 14, 2012 4:45 am

Observed as BH payload

MD5: e3fa551432bb0ac6fdcbb992e3332cd3

9/43

Drops to %appdata%\KB00725031.exe

Attachments

E3FA551432BB0AC6FDCBB992E3332CD3.zip

pass:infected
(144.19 KiB) Downloaded 156 times

Username

rkhunter

Posts

1156

Joined

Mon Mar 15, 2010 12:51 pm

Location

Russian Federation

Contact

Re: Worm:Win32/Cridex.B

#11158 by dcmorton
Fri Jan 20, 2012 12:25 pm

MS article about Cridex.B being spread through fake traffic ticket notification emails

http://blogs.technet.com/b/mmpc/archive ... lware.aspx

Username

dcmorton

Posts

30

Joined

Tue Nov 16, 2010 4:56 pm

Location

United States

Contact

Re: Worm:Win32/Cridex.B

#11161 by rkhunter
Fri Jan 20, 2012 2:14 pm

Cridex.B

MD5: 98d4503ad44ade815830019ce44caad2
23/43

Attachments

98D4503AD44ADE815830019CE44CAAD2.zip

pass:infected
(76.72 KiB) Downloaded 126 times

Username

rkhunter

Posts

1156

Joined

Mon Mar 15, 2010 12:51 pm

Location

Russian Federation

Contact

Re: Worm:Win32/Cridex.B

#11180 by rkhunter
Sat Jan 21, 2012 5:27 am

MD5: 29ff4c6c301a412d0b6ce8f1b44a4983
5/43

Attachments

29FF4C6C301A412D0B6CE8F1B44A4983.zip

pass:infected
(145.97 KiB) Downloaded 122 times

Username

rkhunter

Posts

1156

Joined

Mon Mar 15, 2010 12:51 pm

Location

Russian Federation

Contact

Re: Worm:Win32/Cridex.B

#11181 by rkhunter
Sat Jan 21, 2012 5:30 am

MD5: 1fa2fe2e25ddb2365ac942be5e734681
8/43

Attachments

1FA2FE2E25DDB2365AC942BE5E734681.zip

pass:infected
(76.58 KiB) Downloaded 124 times

Username

rkhunter

Posts

1156

Joined

Mon Mar 15, 2010 12:51 pm

Location

Russian Federation

Contact