dridex | 072e57e6e901168137834f52b2f0bfe78375258122e146f92129c2344fed0c88 | Triage

Sharing

General

Target

c151c22bf1425d8adfa4313ee1f2387c
Size

532KB
Sample

201117-qqkfm13eta
MD5

6b03b4f17be0138c0dbced5e40976ea5
SHA1

c83f3265f0449329b27f5ff093c79e6bb480c228
SHA256

072e57e6e901168137834f52b2f0bfe78375258122e146f92129c2344fed0c88
SHA512

1a1705131cae1b9cecb669bd268a2c3481f0e0f643e5614ad6df60ddceee7e91a96aaf5be4e1d491abf0be7fc1263266f7d8a8466710d3609836019c459b21c3

Score

10^/10

dridex 10444 botnet discovery evasion loader trojan

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

77.220.64.39:443

69.164.207.140:3388

78.47.139.43:4443

103.244.206.74:33443

rc4.plain

rc4.plain

Targets

- Target
  
  c151c22bf1425d8adfa4313ee1f2387c
- Size
  
  532KB
- MD5
  
  6b03b4f17be0138c0dbced5e40976ea5
- SHA1
  
  c83f3265f0449329b27f5ff093c79e6bb480c228
- SHA256
  
  072e57e6e901168137834f52b2f0bfe78375258122e146f92129c2344fed0c88
- SHA512
  
  1a1705131cae1b9cecb669bd268a2c3481f0e0f643e5614ad6df60ddceee7e91a96aaf5be4e1d491abf0be7fc1263266f7d8a8466710d3609836019c459b21c3
Score

10^/10

dridex 10444 botnet discovery evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex10444botnetdiscoveryevasionloadertrojan

behavioral2

dridex10444botnetdiscoveryevasionloadertrojan