dridex

General

Target

eGift-CardAmazon.962221989.doc
Size

112KB
Sample

201126-gw7vl9ezqs
MD5

97e8aca68cb07b66b0d7e85f2d29d84e
SHA1

561aa71afe2aff33a670f85cc53a926d059d7d97
SHA256

1fba9921befe472d7ba9359523f2561865783d5184f2276bb455c6eb7ea4c947
SHA512

df917bc51f62b1d5fd9dc9b883700a93cf3db5cad0ac09d7e3462b57c97326922fe7f4e9d4b0c0932234454af8370b9f4665e9dc15fda61b68536c52344cafcd

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://burstner.clabris.se/ucjk7st.zip

exe.dropper

http://bespokeweddings.ie/k1c8dh4.rar

exe.dropper

https://conjurosdeamoryhechiceriaacacio.com/tjbdhdvi1.zip

exe.dropper

https://keitauniv.keita.ae/wchfvdsd7.rar

exe.dropper

https://cms.keita.ae/h0mqrz.rar

exe.dropper

https://airbornegroup.net/y461xrm.zip

exe.dropper

https://phones.pmrspain.com/xzeoxn8.rar

exe.dropper

http://oya.qa/lfonl5.rar

Extracted

Family

dridex

Botnet

10555

C2

194.225.58.216:443

178.254.40.132:691

216.172.165.70:3889

198.57.200.100:3786

rc4.plain

Targets

- Target
  
  eGift-CardAmazon.962221989.doc
- Size
  
  112KB
- MD5
  
  97e8aca68cb07b66b0d7e85f2d29d84e
- SHA1
  
  561aa71afe2aff33a670f85cc53a926d059d7d97
- SHA256
  
  1fba9921befe472d7ba9359523f2561865783d5184f2276bb455c6eb7ea4c947
- SHA512
  
  df917bc51f62b1d5fd9dc9b883700a93cf3db5cad0ac09d7e3462b57c97326922fe7f4e9d4b0c0932234454af8370b9f4665e9dc15fda61b68536c52344cafcd
Score

10^/10

dridex 10555 botnet discovery evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

3

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Process spawned unexpected child process

Dridex Loader

Blocklisted process makes network request

Loads dropped DLL

Checks installed software on the system

Checks whether UAC is enabled

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2