dridex | ec883537b55898c10784f342613e671d21a242a266ec3b6f9547f4c21bae4622 | Triage

Sharing

General

Target

ec883537b55898c10784f342613e671d21a242a266ec3b6f9547f4c21bae4622
Size

157KB
Sample

210421-78f8pkykva
MD5

7f5b44fd6c814069873bb4103162a304
SHA1

1b337f9b1ef2bd89cbbcb4611c201f1fee4ba178
SHA256

ec883537b55898c10784f342613e671d21a242a266ec3b6f9547f4c21bae4622
SHA512

d54d6d8cb2a4264e5c4f038b276576912ecc9ad852b038318a7f4a6a5713c65ec5a7b6cd9f217bcb1948d5966da60723e76596d842b8e339dfb0c511aad8d987

Score

10^/10

dridex 40112 botnet evasion loader trojan

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

159.8.59.82:443

51.91.156.39:2303

67.196.50.240:8172

rc4.plain

rc4.plain

Targets

- Target
  
  ec883537b55898c10784f342613e671d21a242a266ec3b6f9547f4c21bae4622
- Size
  
  157KB
- MD5
  
  7f5b44fd6c814069873bb4103162a304
- SHA1
  
  1b337f9b1ef2bd89cbbcb4611c201f1fee4ba178
- SHA256
  
  ec883537b55898c10784f342613e671d21a242a266ec3b6f9547f4c21bae4622
- SHA512
  
  d54d6d8cb2a4264e5c4f038b276576912ecc9ad852b038318a7f4a6a5713c65ec5a7b6cd9f217bcb1948d5966da60723e76596d842b8e339dfb0c511aad8d987
Score

10^/10

dridex 40112 botnet evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex40112botnetevasionloadertrojan

behavioral2

dridex40112botnetevasionloadertrojan