dridex | 7bdb42a3c2debe784760d182bceb450f01cf2c30438fd8df8b36cd9991336351 | Triage

Sharing

General

Target

7bdb42a3c2debe784760d182bceb450f01cf2c30438fd8df8b36cd9991336351
Size

188KB
Sample

210225-aqvyk7xxm2
MD5

aecde72e79b5a23106c82965b839fe5b
SHA1

947badc99105ddde0b84e6b83fd928f54b46ec54
SHA256

7bdb42a3c2debe784760d182bceb450f01cf2c30438fd8df8b36cd9991336351
SHA512

febb7d55f21d29428cda4ec27cfb3c696492e2b1641dd4090b08622eacf06345f3af0f6d9f44ca0775e66a98f58a75fb1a1f66c7da9cb182f5b20474675624cb

Score

10^/10

dridex 111 botnet discovery evasion loader trojan

Malware Config

Extracted

Family

dridex

Botnet

111

C2

209.151.236.42:443

91.121.94.86:8172

5.189.144.136:6516

rc4.plain

rc4.plain

Targets

- Target
  
  7bdb42a3c2debe784760d182bceb450f01cf2c30438fd8df8b36cd9991336351
- Size
  
  188KB
- MD5
  
  aecde72e79b5a23106c82965b839fe5b
- SHA1
  
  947badc99105ddde0b84e6b83fd928f54b46ec54
- SHA256
  
  7bdb42a3c2debe784760d182bceb450f01cf2c30438fd8df8b36cd9991336351
- SHA512
  
  febb7d55f21d29428cda4ec27cfb3c696492e2b1641dd4090b08622eacf06345f3af0f6d9f44ca0775e66a98f58a75fb1a1f66c7da9cb182f5b20474675624cb
Score

10^/10

dridex 111 botnet discovery evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex111botnetdiscoveryevasionloadertrojan