dridex

General

Target

Order.862393485.doc
Size

124KB
Sample

201208-695whb5gy6
MD5

6680b904d6e55ea0969120e71ce09b62
SHA1

924a596b6bb5280bebc08245d89f75c1fe0f319c
SHA256

bfa9bd81b48fbbe69d7525456c074b272634b20c7249f4c562a993c4ffbde0d6
SHA512

c37059bbefa0727571526925f98de3e5f63a961a68d8c43d3c410ac89ce41c42e1af2d4442f9fc36cd2eaa8cee04580a9dc4c823e970df0c8e70eac5551fa5aa

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://mountainceramic.com/kx8vjddb.rar

exe.dropper

http://siemensagent.com/ny2tqv.zip

exe.dropper

https://final.makkahkmcc.com/shqay5y.rar

exe.dropper

https://bhasinbrothers.com/cdy7qodb.rar

exe.dropper

https://test.chongthamsika.com.vn/jl4gs4ar.zip

exe.dropper

https://skvflexandoffset.in/igjkrk3.rar

exe.dropper

http://weedcompare.co.uk/mkcy8uttq.zip

exe.dropper

https://thisismycurrentproject.com/rtftdo.rar

Extracted

Family

dridex

Botnet

10555

C2

104.131.164.93:443

46.101.90.205:4643

27.254.174.84:4443

92.94.251.127:3786

rc4.plain

Targets

- Target
  
  Order.862393485.doc
- Size
  
  124KB
- MD5
  
  6680b904d6e55ea0969120e71ce09b62
- SHA1
  
  924a596b6bb5280bebc08245d89f75c1fe0f319c
- SHA256
  
  bfa9bd81b48fbbe69d7525456c074b272634b20c7249f4c562a993c4ffbde0d6
- SHA512
  
  c37059bbefa0727571526925f98de3e5f63a961a68d8c43d3c410ac89ce41c42e1af2d4442f9fc36cd2eaa8cee04580a9dc4c823e970df0c8e70eac5551fa5aa
Score

10^/10

dridex 10555 botnet discovery evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

3

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Process spawned unexpected child process

Dridex Loader

Blocklisted process makes network request

Loads dropped DLL

Checks installed software on the system

Checks whether UAC is enabled

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2