dridex | 1f4d7b9217afd5254350c56788693bee5ecaa46b7f7c07354045826910dacb3c | Triage

Sharing

General

Target

bfe2mddol.dll
Size

752KB
Sample

201102-8m1y372qx2
MD5

fd3da0ce820ee753901011f520ecd2b1
SHA1

31c739f637c7588cd430c60566c2aea402f70a45
SHA256

1f4d7b9217afd5254350c56788693bee5ecaa46b7f7c07354045826910dacb3c
SHA512

267124d68055413495344847f8c068e9f90635407a17370f93ec1afae7b6a65c3f987e5acc84838b4a8b79c62c281341bd466027f377bc25e7cb52c6ded0a354

Score

10^/10

dridex 10444 botnet discovery evasion loader trojan

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

195.154.237.245:443

46.105.131.73:8172

91.238.160.158:18443

213.183.128.99:3786

rc4.plain

rc4.plain

Targets

- Target
  
  bfe2mddol.dll
- Size
  
  752KB
- MD5
  
  fd3da0ce820ee753901011f520ecd2b1
- SHA1
  
  31c739f637c7588cd430c60566c2aea402f70a45
- SHA256
  
  1f4d7b9217afd5254350c56788693bee5ecaa46b7f7c07354045826910dacb3c
- SHA512
  
  267124d68055413495344847f8c068e9f90635407a17370f93ec1afae7b6a65c3f987e5acc84838b4a8b79c62c281341bd466027f377bc25e7cb52c6ded0a354
Score

10^/10

dridex 10444 botnet discovery evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex10444botnetdiscoveryevasionloadertrojan

behavioral2

dridex10444botnetdiscoveryevasionloadertrojan