dridex | cb7231c52d87ee69882cb128b8f6c1e256eb3e86f8ea2eac1bd1ed554ca14afe | Triage

Sharing

General

Target

015bz.bin.zip
Size

227KB
Sample

210414-fyp66k4ytn
MD5

e9ec00938f64e35d8e712cd460dec626
SHA1

e00ff5946fc9356942d7aeefdaa5dd7a8f0b494d
SHA256

cb7231c52d87ee69882cb128b8f6c1e256eb3e86f8ea2eac1bd1ed554ca14afe
SHA512

0728e1f21d60fddcb21323cc157c3514e756b8be0d5015ded476cc866f8ffb4be5bfd8c3ff407937d8a09794ebf07bb4aff674f284205ce4754a173d5bdda8b6

Score

10^/10

dridex 10111 botnet discovery evasion loader trojan

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

131.100.24.217:443

188.165.17.91:8443

153.122.179.229:6601

rc4.plain

rc4.plain

Targets

- Target
  
  015bz.bin
- Size
  
  1.1MB
- MD5
  
  ac8b79d8b99f3be12dec15742f30db04
- SHA1
  
  eebba247ee75361262d1c27f0d23bacf0016204f
- SHA256
  
  b03b68c20ccb35e22a49087130f8b47332ddda5e4e1b3441749a00f857390fd3
- SHA512
  
  f02383c1dd6f9eb0c81056c8a4afa8aeac62339ec26653213f2198111e01f7a3b69af4766c3c8ba111ed77a51e0159dfaa1b6379fb8d6f0ada8e8e0b4fb44221
Score

10^/10

dridex 10111 botnet discovery evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex10111botnetdiscoveryevasionloadertrojan

behavioral2

dridex10111botnetdiscoveryevasionloadertrojan