dridex

General

Target

https://nippon-mask.site/maskhit?cpm_id=subid&cep=DB9BsRZwG1HrQhWzAD3dVTFJImg2Mm5XsYYiddpNfTDewL5GWK3KHhxPlYGhS854LcPu0XaxihIOX-r-N8K7WTNjd1-Xg2KgPGoyf8ABAyyYykz_rUxY8MtxvwBqmNPo-Xb-H3UkrKsrU5yIc451EiYcdvS2AJE9NXx_53Cxbe4HAIVsWxE3igyr9xWP00PwslriZBfgzQjt4HJkrVvspmjrL0ZJM86caDBO8jAyzR_Oj_0Q5tGA6YvQmu5qbra2YZrfruiYMIwa8RBHDqh_Gj8mAcwbKVOxBj8piNIPUA7xtJb4fWqmiN9EX94GhcCL27IBdCipWkfMvn0aHs7kwGdeVYrV9nmBSfkJjUrww-RoSEs1KKzg9bfZPp9PVRsM
Sample

210322-dbjaw549a2

Score

10^/10

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

188.165.17.91:8443

81.0.236.90:6601

rc4.plain

Targets

- Target
  
  https://nippon-mask.site/maskhit?cpm_id=subid&cep=DB9BsRZwG1HrQhWzAD3dVTFJImg2Mm5XsYYiddpNfTDewL5GWK3KHhxPlYGhS854LcPu0XaxihIOX-r-N8K7WTNjd1-Xg2KgPGoyf8ABAyyYykz_rUxY8MtxvwBqmNPo-Xb-H3UkrKsrU5yIc451EiYcdvS2AJE9NXx_53Cxbe4HAIVsWxE3igyr9xWP00PwslriZBfgzQjt4HJkrVvspmjrL0ZJM86caDBO8jAyzR_Oj_0Q5tGA6YvQmu5qbra2YZrfruiYMIwa8RBHDqh_Gj8mAcwbKVOxBj8piNIPUA7xtJb4fWqmiN9EX94GhcCL27IBdCipWkfMvn0aHs7kwGdeVYrV9nmBSfkJjUrww-RoSEs1KKzg9bfZPp9PVRsM
Score

10^/10

dridex 10111 botnet loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Dridex Loader

Blocklisted process makes network request

Executes dropped EXE

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

urlscan1

behavioral1