Description
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
Unrthppaf.bin
General
Target
Size
Sample
Unrthppaf.bin
426KB
201126-nqtqj5q93a
Score
10 /10
MD5
SHA1
SHA256
SHA512
2b47214db606e21fb5d58cc7c3a27242
8b71bd0a2618d26a16a85245e7a92aef6d3da967
b12b65a39a6261016b7473cfd08c316cee6958739e00bb746331bdfb52b4b0bb
908057911bc6458f608700814b65be5706825314181f54ca42bd3745dd856cdee85a7b39a5d6f7c57e3203951e4c86578ad4079bfd1d5189a876c714c984c8fe
Malware Config
Extracted
| Family | dridex |
| Version | 10555 |
| C2 |
194.225.58.216:443 178.254.40.132:691 216.172.165.70:3889 198.57.200.100:3786 |
| rc4.plain |
|
| rc4.plain |
|
Targets
Target
MD5
Filesize
Unrthppaf.bin
2b47214db606e21fb5d58cc7c3a27242
426KB
Score
10 /10
SHA1
SHA256
SHA512
8b71bd0a2618d26a16a85245e7a92aef6d3da967
b12b65a39a6261016b7473cfd08c316cee6958739e00bb746331bdfb52b4b0bb
908057911bc6458f608700814b65be5706825314181f54ca42bd3745dd856cdee85a7b39a5d6f7c57e3203951e4c86578ad4079bfd1d5189a876c714c984c8fe
Tags
Signatures
-
Dridex
-
Dridex Loader
Description
Detects Dridex both x86 and x64 loader in memory.
Tags
-
Blacklisted process makes network request
-
Checks installed software on the system
Description
Looks up Uninstall key entries in the registry to enumerate software on the system.
Tags
TTPs
-
Checks whether UAC is enabled
Tags
TTPs
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks