dridex

General

Target

Information_219488309.doc
Size

234KB
Sample

201028-5zh59bj3de
MD5

ee1d7753232b3855e6f631359d6bdd8b
SHA1

ad5b90796f39c016328c90647d47a3f96334843a
SHA256

59b1087ec423c56cba3ca5ef050b8f86a9fb22ddddcf096ca6d92363efaabe2f
SHA512

f86179dc671ad87370370533a7924e27ea2211e5f03fe37653d2b3eab83c514f3a54dfe4697590b684d6314ab727f7aedeb5f98d3dfedfddb620522fbc4e26af

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://custom.robi2.hu/r0779g.zip

exe.dropper

https://cisrs.in/home4/myclonr9/cisrs.in/resources//qcthkrzo.pdf

exe.dropper

http://b15.robi2.hu/bznqxuny1.zip

exe.dropper

https://puzzle.altosaxplayer.com/c1ycpxxxc.zip

exe.dropper

http://mayhutchankhong.tv/ug6utpv39

Extracted

Family

dridex

Botnet

10555

C2

85.207.13.169:443

74.207.242.13:1688

176.58.101.200:49160

164.132.75.129:3388

rc4.plain

Targets

- Target
  
  Information_219488309.doc
- Size
  
  234KB
- MD5
  
  ee1d7753232b3855e6f631359d6bdd8b
- SHA1
  
  ad5b90796f39c016328c90647d47a3f96334843a
- SHA256
  
  59b1087ec423c56cba3ca5ef050b8f86a9fb22ddddcf096ca6d92363efaabe2f
- SHA512
  
  f86179dc671ad87370370533a7924e27ea2211e5f03fe37653d2b3eab83c514f3a54dfe4697590b684d6314ab727f7aedeb5f98d3dfedfddb620522fbc4e26af
Score

10^/10

dridex 10555 botnet discovery evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

3

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Process spawned unexpected child process

Dridex Loader

Blocklisted process makes network request

Loads dropped DLL

Checks installed software on the system

Checks whether UAC is enabled

Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2