dridex | 0c5c0aa62424b9f660bbbe7d6f5bf75ccd92876fff9cfd006f2ffcf8a7b141dd | Triage

Sharing

General

Target

Fmdlmggi.dll
Size

818KB
Sample

201027-ah53r18312
MD5

e20634b13d1713b41d52313702e7fef3
SHA1

bc126efa30a16b2e0dc3fea4988260d2a3cbb880
SHA256

0c5c0aa62424b9f660bbbe7d6f5bf75ccd92876fff9cfd006f2ffcf8a7b141dd
SHA512

e8da1da8b65cfff5b124ec8ed692c2e4950e178a3bc80e10b403c40cdf182b2270cd6beedf5441af760086c3172f6a95b92ade29b9f0d28598622771aaafc9d1

Score

10^/10

dridex 10555 botnet discovery evasion loader trojan

Malware Config

Extracted

Family

dridex

Botnet

10555

C2

85.207.13.169:443

74.207.242.13:1688

176.58.101.200:49160

164.132.75.129:3388

rc4.plain

rc4.plain

Targets

- Target
  
  Fmdlmggi.dll
- Size
  
  818KB
- MD5
  
  e20634b13d1713b41d52313702e7fef3
- SHA1
  
  bc126efa30a16b2e0dc3fea4988260d2a3cbb880
- SHA256
  
  0c5c0aa62424b9f660bbbe7d6f5bf75ccd92876fff9cfd006f2ffcf8a7b141dd
- SHA512
  
  e8da1da8b65cfff5b124ec8ed692c2e4950e178a3bc80e10b403c40cdf182b2270cd6beedf5441af760086c3172f6a95b92ade29b9f0d28598622771aaafc9d1
Score

10^/10

dridex 10555 botnet discovery evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex10555botnetdiscoveryevasionloadertrojan

behavioral2

dridex10555botnetdiscoveryevasionloadertrojan