dridex | 45d498fb79a063579d9d758e553a8c3f6792a1cc5a6979d6734d7afda6684359 | Triage

Sharing

General

Target

b6nlu684.rar
Size

413KB
Sample

210113-gpcy27xaxj
MD5

c4536bd01e8dbf70620596f4405cc009
SHA1

2abc224d7b6e9320ba6d00cc722120a95a5bf88a
SHA256

45d498fb79a063579d9d758e553a8c3f6792a1cc5a6979d6734d7afda6684359
SHA512

2eca1efda15314bbe7aaca902c3d8824116d193e7a0dac75bd0db14eb8c70bd16be8ee171e1b70b2f704fa77fbab67cd1ce6a2b6f33c81d345d6066647094308

Score

10^/10

dridex 10444 botnet discovery evasion loader trojan

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

104.131.164.93:443

46.101.90.205:4643

27.254.174.84:4443

92.94.251.127:3786

rc4.plain

rc4.plain

Targets

- Target
  
  b6nlu684.rar
- Size
  
  413KB
- MD5
  
  c4536bd01e8dbf70620596f4405cc009
- SHA1
  
  2abc224d7b6e9320ba6d00cc722120a95a5bf88a
- SHA256
  
  45d498fb79a063579d9d758e553a8c3f6792a1cc5a6979d6734d7afda6684359
- SHA512
  
  2eca1efda15314bbe7aaca902c3d8824116d193e7a0dac75bd0db14eb8c70bd16be8ee171e1b70b2f704fa77fbab67cd1ce6a2b6f33c81d345d6066647094308
Score

10^/10

dridex 10444 botnet discovery evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex10444botnetdiscoveryevasionloadertrojan

behavioral2

dridex10444botnetloader