dridex | b8bd29d2b1c2f91e4a562f8c60939f7a0f6d127010671df0e9404f40b7a20773 | Triage

Sharing

General

Target

b8bd29d2b1c2f91e4a562f8c60939f7a0f6d127010671df0e9404f40b7a20773
Size

154KB
Sample

210421-58p3xrvgza
MD5

436df320d77e5fca54925e15aefb9c6a
SHA1

99b54bd34838dad7a16acc80c125be7574be5db2
SHA256

b8bd29d2b1c2f91e4a562f8c60939f7a0f6d127010671df0e9404f40b7a20773
SHA512

5d33c0a626f84cc619d87b3310f2b808357118d746f8275c9ad1c3d2a8fd0d781a413e488b0973a21a33dc35573e103f2971fb2cf21059fab05c83dda80ba9d3

Score

10^/10

dridex 40111 botnet evasion loader trojan

Malware Config

Extracted

Family

dridex

Botnet

40111

C2

159.8.59.82:443

51.91.156.39:2303

67.196.50.240:8172

rc4.plain

rc4.plain

Targets

- Target
  
  b8bd29d2b1c2f91e4a562f8c60939f7a0f6d127010671df0e9404f40b7a20773
- Size
  
  154KB
- MD5
  
  436df320d77e5fca54925e15aefb9c6a
- SHA1
  
  99b54bd34838dad7a16acc80c125be7574be5db2
- SHA256
  
  b8bd29d2b1c2f91e4a562f8c60939f7a0f6d127010671df0e9404f40b7a20773
- SHA512
  
  5d33c0a626f84cc619d87b3310f2b808357118d746f8275c9ad1c3d2a8fd0d781a413e488b0973a21a33dc35573e103f2971fb2cf21059fab05c83dda80ba9d3
Score

10^/10

dridex 40111 botnet evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Checks whether UAC is enabled
  evasion trojan
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex40111botnetevasionloadertrojan