dridex

General

Target

538dbb8edaeba882aaf0b8f624a043699dd7544784352352a3b2b28ab6bad8e1
Size

236KB
Sample

210121-3tswm7e4va
MD5

67de209a26b0392ec68f1acadfcd3b8c
SHA1

1239384045ed93a2932c66bce075858584b171c1
SHA256

538dbb8edaeba882aaf0b8f624a043699dd7544784352352a3b2b28ab6bad8e1
SHA512

858270c2a9f4ceed448757e752249124095cbae51f93acf6b20409d7f4c3ccfa5f8e906a0a1ed348f7372dae871f2266a02e5dafb61ae414e4cbb31e6b2f495a

Score

10^/10

Malware Config

Extracted

Family

dridex

Version

28416

C2

77.220.64.40:443

8.4.9.152:3786

185.246.87.202:3098

rc4.plain

Targets

- Target
  
  538dbb8edaeba882aaf0b8f624a043699dd7544784352352a3b2b28ab6bad8e1
- Size
  
  236KB
- MD5
  
  67de209a26b0392ec68f1acadfcd3b8c
- SHA1
  
  1239384045ed93a2932c66bce075858584b171c1
- SHA256
  
  538dbb8edaeba882aaf0b8f624a043699dd7544784352352a3b2b28ab6bad8e1
- SHA512
  
  858270c2a9f4ceed448757e752249124095cbae51f93acf6b20409d7f4c3ccfa5f8e906a0a1ed348f7372dae871f2266a02e5dafb61ae414e4cbb31e6b2f495a
Score

10^/10

dridex botnet discovery evasion loader ransomware trojan bootkit
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Modifies WinLogon to allow AutoLogon
  Enables rebooting of the machine without requiring login credentials.
  ransomware bootkit
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1

T1004

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Dridex Loader

Blocklisted process makes network request

Modifies WinLogon to allow AutoLogon

Checks installed software on the system

Checks whether UAC is enabled

Enumerates physical storage devices

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2