dridex | d8490369c1853e1c51eb88422f54ff0eabad3725ac6a87f1acaa704021c71d13 | Triage

Sharing

General

Target

d8490369c1853e1c51eb88422f54ff0eabad3725ac6a87f1acaa704021c71d13
Size

160KB
Sample

210622-3gvek6lcv2
MD5

b3564d597a5eb098e2419d1ab1de8f9c
SHA1

42ea6d4f8e6f084c0b9aea1ae6c55e317aaf2e31
SHA256

d8490369c1853e1c51eb88422f54ff0eabad3725ac6a87f1acaa704021c71d13
SHA512

7c25b0c97b6644ebf12b9d4afe2bf50e002fd56ad59d417adaf7854d6c1af8e2ede7b3200c1e517b485862b289257f919049439b7acaac008ad4a9ab8280d60d

Score

10^/10

dridex 40111 botnet evasion loader trojan

Malware Config

Extracted

Family

dridex

Botnet

40111

C2

94.247.168.64:443

159.203.93.122:8172

50.116.27.97:2303

rc4.plain

rc4.plain

Targets

- Target
  
  d8490369c1853e1c51eb88422f54ff0eabad3725ac6a87f1acaa704021c71d13
- Size
  
  160KB
- MD5
  
  b3564d597a5eb098e2419d1ab1de8f9c
- SHA1
  
  42ea6d4f8e6f084c0b9aea1ae6c55e317aaf2e31
- SHA256
  
  d8490369c1853e1c51eb88422f54ff0eabad3725ac6a87f1acaa704021c71d13
- SHA512
  
  7c25b0c97b6644ebf12b9d4afe2bf50e002fd56ad59d417adaf7854d6c1af8e2ede7b3200c1e517b485862b289257f919049439b7acaac008ad4a9ab8280d60d
Score

10^/10

dridex 40111 botnet evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Checks whether UAC is enabled
  evasion trojan
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex40111botnetevasionloadertrojan