Cridex Analysis using Volatility - by Andre' DiMino - samples and memory analysis resources
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Malware - T1587.001 Malware - T1588.001 Tool - T1588.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 40f1b2e1-84e9-4e23-85ed-6650fd6994af |
| Fingerprint | c11bbce90421ca9a |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Aug. 3, 2012, 12:42 a.m. |
| Added to db | Sept. 26, 2022, 9:30 a.m. |
| Last updated | Nov. 17, 2024, 6:49 p.m. |
| Headline | UNKNOWN |
| Title | Cridex Analysis using Volatility - by Andre' DiMino - samples and memory analysis resources |
| Detected Hints/Tags/Attributes | 60/2/65 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 32 | cve-2011-0611 |
|
| Details | Domain | 3 | sempersecurus.blogspot.com |
|
| Details | Domain | 79 | code.google.com |
|
| Details | Domain | 1 | hookpublications.com |
|
| Details | Domain | 1 | advancementwowcom.org |
|
| Details | Domain | 1 | tevrom.ro |
|
| Details | Domain | 1 | unboxhibernation.org |
|
| Details | Domain | 1 | w32.palevo.145408.ae |
|
| Details | Domain | 1 | p2p-palevo.145408.ad |
|
| Details | Domain | 1 | keaaushoppingcenter.com |
|
| Details | Domain | 1 | online-cammunity.ru |
|
| Details | Domain | 9 | jsunpack.jeek.org |
|
| Details | Domain | 1 | worm.win32.cridex.gt |
|
| Details | Domain | 3 | bartblaze.blogspot.com |
|
| Details | File | 15 | reader_sl.exe |
|
| Details | File | 1260 | explorer.exe |
|
| Details | File | 1 | secondwuauclt.exe |
|
| Details | File | 2 | readme.exe |
|
| Details | File | 1 | about.exe |
|
| Details | File | 1 | hp_scan_n989397452.exe |
|
| Details | File | 1 | booking_confirmation_08012012.exe |
|
| Details | File | 1 | ups_label_n8882342.exe |
|
| Details | File | 1 | kb00385258.exe |
|
| Details | File | 1 | atbilred.html |
|
| Details | File | 53 | main.php |
|
| Details | File | 8 | w.php |
|
| Details | File | 1 | mail.htm |
|
| Details | File | 32 | showthread.php |
|
| Details | File | 1 | smona_76b22b77e5df1134619e8ac3fd6a8c8cf72de879e0c4afbd11ebcaa14bc2a38e.bin |
|
| Details | File | 1 | kryptik.ai |
|
| Details | File | 2 | gen.ai |
|
| Details | File | 1 | troj_generic.db |
|
| Details | File | 1 | scan-from-hewlett-packard-scanjet.html |
|
| Details | md5 | 1 | 734AADD62D0662256A65510271D40048 |
|
| Details | md5 | 1 | C497B4D6DFADD4609918282CF91C6F4E |
|
| Details | md5 | 1 | E187763C92E2ACC6BB1C804309EBB381 |
|
| Details | md5 | 1 | 213D5022047029071AFD372302E07DD8 |
|
| Details | md5 | 1 | 43CD850FCDADE4330A5BEA6F16EE971C |
|
| Details | md5 | 2 | 734aadd62d0662256a65510271d40048 |
|
| Details | md5 | 1 | c497b4d6dfadd4609918282cf91c6f4e |
|
| Details | md5 | 1 | 43cd850fcdade4330a5bea6f16ee971c |
|
| Details | md5 | 1 | 213d5022047029071afd372302e07dd8 |
|
| Details | md5 | 1 | e187763c92e2acc6bb1c804309ebb381 |
|
| Details | sha1 | 1 | 67e9c32c97b47e058aeee928c4cdc28773883b90 |
|
| Details | sha1 | 1 | d186e8ebb104ba0d64ad6052107420debef3da00 |
|
| Details | sha1 | 1 | 7263fe0d3a095d59c8e0c895a9c585e343e7141c |
|
| Details | sha1 | 1 | 07777d69d6d6f5e180519988ad3df85613285e58 |
|
| Details | sha1 | 1 | ef006795e39b4cc7469107c0b04d37ca492e062a |
|
| Details | sha1 | 1 | d64623b8b5bbfa20bb7a08a43d7fed0e7d503e4f |
|
| Details | sha256 | 1 | 046a7fac35a29f66e37193a2048f6a324754df131bad07c21f87fc814d7763f5 |
|
| Details | sha256 | 1 | a7e62a16c47fede2772d4f4bf980cdb58b5d110887e001ab632d7f40159dfa13 |
|
| Details | sha256 | 1 | 65bd088579107f13bf5e3aaba25b07b413343a823e7a3499d907b1bf564f36e5 |
|
| Details | sha256 | 1 | c11a3d4f4630211cd458a022fa8c346d8a1a836561897e9ba6b4098605cf49b7 |
|
| Details | sha256 | 1 | 76b22b77e5df1134619e8ac3fd6a8c8cf72de879e0c4afbd11ebcaa14bc2a38e |
|
| Details | Microsoft Patch Numbers | 1 | KB00385258 |
|
| Details | Url | 1 | http://code.google.com/p/volatility/wiki/publicmemoryimages |
|
| Details | Url | 1 | http://hookpublications.com/wp-admin/atbilred.html |
|
| Details | Url | 1 | http://advancementwowcom.org/main.php?page=19152be46559e39d |
|
| Details | Url | 1 | http://advancementwowcom.org/w.php?f=14095&e=2 |
|
| Details | Url | 1 | http://tevrom.ro/modules/atbilred.html |
|
| Details | Url | 1 | http://unboxhibernation.org/w.php?f=14095&e=2 |
|
| Details | Url | 1 | http://camas.comodo.com/cgi-bin/submit?file=a7e62a16c47fede2772d4f4bf980cdb58b5d110887e001ab632d7f40159dfa13 |
|
| Details | Url | 1 | http://keaaushoppingcenter.com/mail.htm |
|
| Details | Url | 1 | http://jsunpack.jeek.org/dec/go?report=07777d69d6d6f5e180519988ad3df85613285e58 |
|
| Details | Url | 1 | http://bartblaze.blogspot.com/2012/07/scan-from-hewlett-packard-scanjet.html |