dridex | 3997bf3cf7485ae768f7a23aaa9004f73b0594550611138906821f9b4dc9bce7 | Triage

Sharing

General

Target

xka8p2.rar
Size

311KB
Sample

210113-ttjj5t9c82
MD5

ae994d2a6193a4e256aa86ce0b61175b
SHA1

e067113be50304e76cad4aee6b5bee638938b2e4
SHA256

3997bf3cf7485ae768f7a23aaa9004f73b0594550611138906821f9b4dc9bce7
SHA512

dfaf1af31639a358219d6f0bcbf0858d397d5ce082ce9a7282c4c2c2e5f3c8190c3b9f08fa4dcff0d97faacb367679b7d27c738c11e4821bcccafe7bad5ecffd

Score

10^/10

dridex 10444 botnet discovery evasion loader trojan

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

77.220.64.37:443

80.86.91.27:3308

5.100.228.233:3389

46.105.131.65:1512

rc4.plain

rc4.plain

Targets

- Target
  
  xka8p2.rar
- Size
  
  311KB
- MD5
  
  ae994d2a6193a4e256aa86ce0b61175b
- SHA1
  
  e067113be50304e76cad4aee6b5bee638938b2e4
- SHA256
  
  3997bf3cf7485ae768f7a23aaa9004f73b0594550611138906821f9b4dc9bce7
- SHA512
  
  dfaf1af31639a358219d6f0bcbf0858d397d5ce082ce9a7282c4c2c2e5f3c8190c3b9f08fa4dcff0d97faacb367679b7d27c738c11e4821bcccafe7bad5ecffd
Score

10^/10

dridex 10444 botnet discovery evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex10444botnetdiscoveryevasionloadertrojan

behavioral2

dridex10444botnetloader