dridex | fbd108648a43add9a2e400640f3e60a7f31971d748ad0e3f8531a17fa328e7c6 | Triage

Sharing

General

Target

hsy_utu8_12u_v4.4.7.0.dll
Size

175KB
Sample

210727-qh9l9f3h86
MD5

58bf730c02fb67e6de279877eb281925
SHA1

db2380c9d4e6ff9cd7dae6394f315753604adf6b
SHA256

fbd108648a43add9a2e400640f3e60a7f31971d748ad0e3f8531a17fa328e7c6
SHA512

b56283bc1a3f440d118e3c07b33dae78b4aca822fb18d195ed6754934cc210314a770cfede8d05b64357d785e75314c19f52a0e5c3841a69ca114e7936fd395f

Score

10^/10

dridex 22201 botnet evasion loader trojan

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

45.79.33.48:443

139.162.202.74:5007

68.183.216.174:7443

rc4.plain

rc4.plain

Targets

- Target
  
  hsy_utu8_12u_v4.4.7.0.dll
- Size
  
  175KB
- MD5
  
  58bf730c02fb67e6de279877eb281925
- SHA1
  
  db2380c9d4e6ff9cd7dae6394f315753604adf6b
- SHA256
  
  fbd108648a43add9a2e400640f3e60a7f31971d748ad0e3f8531a17fa328e7c6
- SHA512
  
  b56283bc1a3f440d118e3c07b33dae78b4aca822fb18d195ed6754934cc210314a770cfede8d05b64357d785e75314c19f52a0e5c3841a69ca114e7936fd395f
Score

10^/10

dridex 22201 botnet evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex22201botnetevasionloadertrojan

behavioral2

dridex22201botnetevasionloadertrojan