dridex | 1760a2c2c03d377a3443632b0f4786a437004b089e2fa4903274c4ae93acfd39 | Triage

Sharing

General

Target

Meacoo_.bin.zip
Size

318KB
Sample

201101-tpzqkstyxe
MD5

7344dcbf79d1eb0e018f4ef93a246681
SHA1

3e9ba2c2fd93015be60e5d23edc2070076dde3dc
SHA256

1760a2c2c03d377a3443632b0f4786a437004b089e2fa4903274c4ae93acfd39
SHA512

f7969ff58be2537728cdaa51266f584e063612e32abe4885d6e54629180319dbebfb293c03509255ae96e71432fbc372ba299ffc7e9ecd06047c64b4d1e53b71

Score

10^/10

dridex 10555 botnet discovery evasion loader trojan

Malware Config

Extracted

Family

dridex

Botnet

10555

C2

85.114.134.25:443

94.23.45.86:3889

145.239.169.34:4643

162.212.152.222:3389

rc4.plain

rc4.plain

Targets

- Target
  
  Meacoo_.bin
- Size
  
  410KB
- MD5
  
  d6c9233f0d70a890f5dd31e02a554dc9
- SHA1
  
  6b925be1b8b107b80c9d65003b37a34a6d4276ff
- SHA256
  
  24e9d45999add1dac491b4c3cfb55b77b95a46bc693eec9df56d6194b7fbe25e
- SHA512
  
  9ebb694c9ec399f09c456a655e121ab54427749213cb0b80098f1ab411e79bf12c4d77aa4fa33fd8edbfc2daa14ae6f0ad9c3dbf2942a417c2b77159b7141208
Score

10^/10

dridex 10555 botnet discovery evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex10555botnetdiscoveryevasionloadertrojan

behavioral2

dridex10555botnetdiscoveryevasionloadertrojan