dridex

General

Target

PDF#439904575.doc
Size

111KB
Sample

201103-p5p5pwa1wx
MD5

8f33e15e96940e973730a2f9e14bea01
SHA1

e60e1440917d9964db4b4baec525516b5b5255a9
SHA256

c8a95eea1d734b39f042f0e2896111802e82621f6d5759e57420ccb03a07964b
SHA512

fea98a4a4b928bb701dd9cd7f28926ff6b8d80e60610796add510768761bb53a390808da4ee46c13a983f89bcf63eef2778d25deda480ca5f447e46ee05712e2

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://nuwvbfigh0bnuwvbfigh0b.belchem.com/oiy2t6jt.rar

exe.dropper

http://www.admin.halaladvisor.com.au/ggvopq.rar

exe.dropper

http://viviangray.uzor.group/j5zspe.zip

exe.dropper

https://egitim.osgbpro.com/zze6enps.zip

exe.dropper

https://pop.xpleomedia.com/nival5t35.rar

exe.dropper

https://electronlab.org/zudt9vey3.rar

exe.dropper

http://investmentevening.fisherdugmore.co.za/t6qmxn.zip

Extracted

Family

dridex

Botnet

10555

C2

195.154.237.245:443

46.105.131.73:8172

91.238.160.158:18443

213.183.128.99:3786

rc4.plain

Targets

- Target
  
  PDF#439904575.doc
- Size
  
  111KB
- MD5
  
  8f33e15e96940e973730a2f9e14bea01
- SHA1
  
  e60e1440917d9964db4b4baec525516b5b5255a9
- SHA256
  
  c8a95eea1d734b39f042f0e2896111802e82621f6d5759e57420ccb03a07964b
- SHA512
  
  fea98a4a4b928bb701dd9cd7f28926ff6b8d80e60610796add510768761bb53a390808da4ee46c13a983f89bcf63eef2778d25deda480ca5f447e46ee05712e2
Score

10^/10

dridex 10555 botnet discovery evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

3

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Process spawned unexpected child process

Dridex Loader

Blocklisted process makes network request

Loads dropped DLL

Checks installed software on the system

Checks whether UAC is enabled

Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2