dridex | 4af5735cd1462eeca1da8cd25b403ee1c1e77abf7766beb857069fb422e32d23 | Triage

Sharing

General

Target

5859006963023872.zip
Size

294KB
Sample

201109-79g7wvsnex
MD5

1154d8f9dbb49c2993fa538f7dcf1027
SHA1

0cf27ba65bb8d7202d9fa864d8a4e497b9b865bd
SHA256

4af5735cd1462eeca1da8cd25b403ee1c1e77abf7766beb857069fb422e32d23
SHA512

2c873201c98c708f19463fa6832937af4ecca9cc843bf9786a27280375a9da5d7403c7bdee4fcffb4845971512e992ed1efa5e23ceca65aa2510658229e818ff

Score

10^/10

dridex 10111 botnet discovery evasion loader trojan

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

194.150.118.7:443

49.212.179.180:3889

69.64.62.4:4443

rc4.plain

rc4.plain

Targets

- Target
  
  74a30c278e5592bf84a3b07da0edb9dc07d79ca9ec2df55049193f209a5e0aa4
- Size
  
  531KB
- MD5
  
  f8827d2208cf28b17db28bbba29f9266
- SHA1
  
  f76ea2e9e4b979313387f1a81884bb65e5771f1d
- SHA256
  
  74a30c278e5592bf84a3b07da0edb9dc07d79ca9ec2df55049193f209a5e0aa4
- SHA512
  
  ddb272d0839ae4e97ec1469857cf516345eac519a071c48ae3edbcd8df2fa0293811c2e7cc2c5560254499b5900f26bb0a04fa3431b157b38dea8c3730da9464
Score

10^/10

dridex 10111 botnet discovery evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex10111botnetdiscoveryevasionloadertrojan

behavioral2

dridex10111botnetdiscoveryevasionloadertrojan