dridex | 41c6fd5ff1870f9038b1b0c19b4970bf7cba89be80abb90f3c5a6f4d6e81c4ae | Triage

Sharing

General

Target

41c6fd5ff1870f9038b1b0c19b4970bf7cba89be80abb90f3c5a6f4d6e81c4ae
Size

158KB
Sample

210622-nlsq8pyb62
MD5

34305447da681b3548b92315008ff75b
SHA1

3a0e32c895f827f976c2959f4a91503c6fc6b7b5
SHA256

41c6fd5ff1870f9038b1b0c19b4970bf7cba89be80abb90f3c5a6f4d6e81c4ae
SHA512

2ccd6b7a981e8af8b0a18eafe44de9b7767c4004a9b8c664422f63a5c549558bdd6c1d8e243b98533d77ff57108f98a74763f536112ac49d769638e07f5b7b76

Score

10^/10

dridex 40111 botnet evasion loader trojan

Malware Config

Extracted

Family

dridex

Botnet

40111

C2

8.210.53.215:443

72.249.22.245:2303

188.40.137.206:8172

rc4.plain

rc4.plain

Targets

- Target
  
  41c6fd5ff1870f9038b1b0c19b4970bf7cba89be80abb90f3c5a6f4d6e81c4ae
- Size
  
  158KB
- MD5
  
  34305447da681b3548b92315008ff75b
- SHA1
  
  3a0e32c895f827f976c2959f4a91503c6fc6b7b5
- SHA256
  
  41c6fd5ff1870f9038b1b0c19b4970bf7cba89be80abb90f3c5a6f4d6e81c4ae
- SHA512
  
  2ccd6b7a981e8af8b0a18eafe44de9b7767c4004a9b8c664422f63a5c549558bdd6c1d8e243b98533d77ff57108f98a74763f536112ac49d769638e07f5b7b76
Score

10^/10

dridex 40111 botnet evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Checks whether UAC is enabled
  evasion trojan
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex40111botnetevasionloadertrojan