dridex | d7b714d46bd135be9c8b5a47fe3c3784f6a74fde55747478a0a96cc872f701ec | Triage

Sharing

General

Target

d7b714d46bd135be9c8b5a47fe3c3784f6a74fde55747478a0a96cc872f701ec
Size

160KB
Sample

210627-q3ay36z4es
MD5

b7b7658cde672b5e80c2c8b961a33390
SHA1

a1cc000e71713e5cf06518538bf28af6265dd296
SHA256

d7b714d46bd135be9c8b5a47fe3c3784f6a74fde55747478a0a96cc872f701ec
SHA512

3ad7031c1b44fc5317a6c2e614af1cf5f5ea7caf58b33a47ea204581883a16d0b7a297aeda60283ff36c603b01b006867997045622e3d8133cf7f98f861eb837

Score

10^/10

dridex 40111 botnet evasion loader trojan

Malware Config

Extracted

Family

dridex

Botnet

40111

C2

94.247.168.64:443

159.203.93.122:8172

50.116.27.97:2303

rc4.plain

rc4.plain

Targets

- Target
  
  d7b714d46bd135be9c8b5a47fe3c3784f6a74fde55747478a0a96cc872f701ec
- Size
  
  160KB
- MD5
  
  b7b7658cde672b5e80c2c8b961a33390
- SHA1
  
  a1cc000e71713e5cf06518538bf28af6265dd296
- SHA256
  
  d7b714d46bd135be9c8b5a47fe3c3784f6a74fde55747478a0a96cc872f701ec
- SHA512
  
  3ad7031c1b44fc5317a6c2e614af1cf5f5ea7caf58b33a47ea204581883a16d0b7a297aeda60283ff36c603b01b006867997045622e3d8133cf7f98f861eb837
Score

10^/10

dridex 40111 botnet evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Checks whether UAC is enabled
  evasion trojan
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex40111botnetevasionloadertrojan