dridex | 35b0f50b9df717fc9e5eb5913366c2899f418656f760581855bc3a5aa52abcb3 | Triage

Sharing

General

Target

35b0f50b9df717fc9e5eb5913366c2899f418656f760581855bc3a5aa52abcb3
Size

158KB
Sample

210511-s9l89j9ah6
MD5

86f6b9c74cc2ba31e29c6559150422ce
SHA1

becfe78879a79c81b97c44521a0331270c29dc4f
SHA256

35b0f50b9df717fc9e5eb5913366c2899f418656f760581855bc3a5aa52abcb3
SHA512

0fb4cafd72462dda83f62fcbd570d9c2bae428d5a8d58fe3841df417321a13ee18d3f837fc92d6e6ef6faeb2867d033b954e656f9b19e8e08a777d9b7bfe92e9

Score

10^/10

dridex 40112 botnet evasion loader trojan

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

8.210.53.215:443

72.249.22.245:2303

188.40.137.206:8172

rc4.plain

rc4.plain

Targets

- Target
  
  35b0f50b9df717fc9e5eb5913366c2899f418656f760581855bc3a5aa52abcb3
- Size
  
  158KB
- MD5
  
  86f6b9c74cc2ba31e29c6559150422ce
- SHA1
  
  becfe78879a79c81b97c44521a0331270c29dc4f
- SHA256
  
  35b0f50b9df717fc9e5eb5913366c2899f418656f760581855bc3a5aa52abcb3
- SHA512
  
  0fb4cafd72462dda83f62fcbd570d9c2bae428d5a8d58fe3841df417321a13ee18d3f837fc92d6e6ef6faeb2867d033b954e656f9b19e8e08a777d9b7bfe92e9
Score

10^/10

dridex 40112 botnet evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Checks whether UAC is enabled
  evasion trojan
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex40112botnetevasionloadertrojan