dridex | eaee59c87c6cae8dc8e2e0b47ab9eb3f8da80a40140b029788a12ca58bdbf36f | Triage

Sharing

General

Target

eaee59c87c6cae8dc8e2e0b47ab9eb3f8da80a40140b029788a12ca58bdbf36f
Size

196KB
Sample

210611-9bkkz2p47n
MD5

2780f362c2bec813a98d7f1c53fc0bf2
SHA1

5da8853687a64dff3482090546074f243329ba3b
SHA256

eaee59c87c6cae8dc8e2e0b47ab9eb3f8da80a40140b029788a12ca58bdbf36f
SHA512

527a5ac3d4ca33d4c1886200d83380f8f3110aae68fe56faa9f6e983e626efd0cc1e101850e5bd845325a12ef7b6baeee7d68b7f199c0dea157f2dce228cd762

Score

10^/10

dridex 111 botnet discovery evasion loader trojan

Malware Config

Extracted

Family

dridex

Botnet

111

C2

37.247.35.132:443

50.243.30.51:6601

162.241.204.234:6516

rc4.plain

rc4.plain

Targets

- Target
  
  eaee59c87c6cae8dc8e2e0b47ab9eb3f8da80a40140b029788a12ca58bdbf36f
- Size
  
  196KB
- MD5
  
  2780f362c2bec813a98d7f1c53fc0bf2
- SHA1
  
  5da8853687a64dff3482090546074f243329ba3b
- SHA256
  
  eaee59c87c6cae8dc8e2e0b47ab9eb3f8da80a40140b029788a12ca58bdbf36f
- SHA512
  
  527a5ac3d4ca33d4c1886200d83380f8f3110aae68fe56faa9f6e983e626efd0cc1e101850e5bd845325a12ef7b6baeee7d68b7f199c0dea157f2dce228cd762
Score

10^/10

dridex 111 botnet discovery evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex111botnetdiscoveryevasionloadertrojan