dridex | 9c374a1e78f7ade60493132d00d547fa6cca37434c4e42a6e1f801eff49b4e4d | Triage

Sharing

General

Target

9c374a1e78f7ade60493132d00d547fa6cca37434c4e42a6e1f801eff49b4e4d
Size

160KB
Sample

210421-cr9jngvrzn
MD5

c31de90a316cd0acf485b6dd6b336c6d
SHA1

de0cb46733b443450143958f9b90747c83498f00
SHA256

9c374a1e78f7ade60493132d00d547fa6cca37434c4e42a6e1f801eff49b4e4d
SHA512

e3aecf2c94342ba9677b3936fd02ba27c2a5c51188fd8809724d6254c04e02e4a6b391e32c5b9b9fcb6062b9d057488b69379973cc9d35e3630221d51535f504

Score

10^/10

dridex 40111 botnet evasion loader trojan

Malware Config

Extracted

Family

dridex

Botnet

40111

C2

94.247.168.64:443

159.203.93.122:8172

50.116.27.97:2303

rc4.plain

rc4.plain

Targets

- Target
  
  9c374a1e78f7ade60493132d00d547fa6cca37434c4e42a6e1f801eff49b4e4d
- Size
  
  160KB
- MD5
  
  c31de90a316cd0acf485b6dd6b336c6d
- SHA1
  
  de0cb46733b443450143958f9b90747c83498f00
- SHA256
  
  9c374a1e78f7ade60493132d00d547fa6cca37434c4e42a6e1f801eff49b4e4d
- SHA512
  
  e3aecf2c94342ba9677b3936fd02ba27c2a5c51188fd8809724d6254c04e02e4a6b391e32c5b9b9fcb6062b9d057488b69379973cc9d35e3630221d51535f504
Score

10^/10

dridex 40111 botnet evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Checks whether UAC is enabled
  evasion trojan
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex40111botnetevasionloadertrojan