Description
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
ef5ai1p.dll
General
Target
Size
Sample
ef5ai1p.dll
539KB
201119-c4jtwtcr8x
Score
10 /10
MD5
SHA1
SHA256
SHA512
1ba0b20a2d03d8af03a7faa42b06417f
4c528bb2afd93d8cb1199d05dc33d77e08f0ee88
f5951b345050e10fa0d3b70b42e6b56d5a720a7a67c381345e33c145e2ba2452
5447e2424e0beeace8c1d3de285fcd841b184e9ed1b3035334fd3005399aa0947b5688a22754b9114ff3f9444906481a519477fbd9cfdb17f23136ad14f6eef3
Malware Config
Extracted
| Family | dridex |
| Botnet | 10444 |
| C2 |
162.241.44.26:9443 192.232.229.53:4443 77.220.64.34:443 193.90.12.121:3098 |
| rc4.plain |
|
| rc4.plain |
|
Targets
Target
MD5
Filesize
ef5ai1p.dll
1ba0b20a2d03d8af03a7faa42b06417f
539KB
Score
10 /10
SHA1
SHA256
SHA512
4c528bb2afd93d8cb1199d05dc33d77e08f0ee88
f5951b345050e10fa0d3b70b42e6b56d5a720a7a67c381345e33c145e2ba2452
5447e2424e0beeace8c1d3de285fcd841b184e9ed1b3035334fd3005399aa0947b5688a22754b9114ff3f9444906481a519477fbd9cfdb17f23136ad14f6eef3
Tags
Signatures
-
Dridex
-
Dridex Loader
Description
Detects Dridex both x86 and x64 loader in memory.
Tags
-
Blocklisted process makes network request
-
Checks installed software on the system
Description
Looks up Uninstall key entries in the registry to enumerate software on the system.
Tags
TTPs
-
Checks whether UAC is enabled
Tags
TTPs
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks