dridex | 05c8b018adaddd23c8b89275eea1f64e6c5c421b891e4b66a94d0754bbb75a36 | Triage

Sharing

General

Target

magi9.bin.zip
Size

308KB
Sample

210701-82rcgm442n
MD5

7ec6f582b4740bf5665548cc7cfdb1d6
SHA1

4727a56a4c9e05a9db530870bb49d362e5f7875c
SHA256

05c8b018adaddd23c8b89275eea1f64e6c5c421b891e4b66a94d0754bbb75a36
SHA512

30ef1ea7e5eeac475772dfd5194e301c1310ec26aea585096668da7d34a96b921878c5f7385ea68e51ead773fc41678b699680cab38bd8f40e9d1134843ca9fa

Score

10^/10

dridex 10111 botnet cryptone discovery evasion packer trojan

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

104.168.155.129:443

142.4.219.173:4664

176.31.117.84:9443

rc4.plain

rc4.plain

Targets

- Target
  
  magi9.bin
- Size
  
  1.0MB
- MD5
  
  2276e0412317a63a2bd1985febe93cca
- SHA1
  
  d33658ad2ac879461d8785536e7077c05dba31fb
- SHA256
  
  acc12fbe12b9970c7335151b67e4dc23f38bb1eed62a52edede51ff37e76ff39
- SHA512
  
  419aa0f99c9c87597dbaff6fab7f387709071de66aa89dc5eae6ed11cf7efd979e6fcbe8b99831209bc4b472f525c33e5eeb2e3651524f604fc315adfc55d6c7
Score

10^/10

dridex 10111 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex10111botnetdiscoveryevasiontrojan

behavioral2

dridex10111botnetdiscoveryevasiontrojan