dridex | cf56df192c905336714c2295fd771cb2ed6ade7167705b0442bbc8dde72072e8 | Triage

Sharing

General

Target

hsy_utu8_12u_v4.4.7.0 (4).dll
Size

173KB
Sample

210727-38jl2s61zs
MD5

7042ee1bdb66342f4f19304fff77d08b
SHA1

63caafaae69081882da379556b17a2b21dd96963
SHA256

cf56df192c905336714c2295fd771cb2ed6ade7167705b0442bbc8dde72072e8
SHA512

1f081f9fe46a49c8e08753c89fe8624386a40d1edb3dc7634555f1eb6aadf6fe77d937ad79ec3b8263756750b3a90f32a84c627c6bca7011bb351d89cb3a7a6e

Score

10^/10

dridex 22202 botnet evasion loader trojan

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

45.79.33.48:443

139.162.202.74:5007

68.183.216.174:7443

rc4.plain

rc4.plain

Targets

- Target
  
  hsy_utu8_12u_v4.4.7.0 (4).dll
- Size
  
  173KB
- MD5
  
  7042ee1bdb66342f4f19304fff77d08b
- SHA1
  
  63caafaae69081882da379556b17a2b21dd96963
- SHA256
  
  cf56df192c905336714c2295fd771cb2ed6ade7167705b0442bbc8dde72072e8
- SHA512
  
  1f081f9fe46a49c8e08753c89fe8624386a40d1edb3dc7634555f1eb6aadf6fe77d937ad79ec3b8263756750b3a90f32a84c627c6bca7011bb351d89cb3a7a6e
Score

10^/10

dridex 22202 botnet evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex22202botnetevasionloadertrojan

behavioral2

dridex22202botnetevasionloadertrojan