dridex | 91c3883d8937bc9e6d8caa34db375508512786eaff799b97fdfc3dc70f9b692e | Triage

Sharing

General

Target

6617347184033792.zip
Size

300KB
Sample

210806-r6mghhqp36
MD5

8ede91b07ee1bad757bb8da4b31d5cfe
SHA1

3b2b3591bcd82392fb0b1c4718858956a865396c
SHA256

91c3883d8937bc9e6d8caa34db375508512786eaff799b97fdfc3dc70f9b692e
SHA512

e38ffa3e1897ebc49cecdc692fe7671bd8715f230c60b24fb252df2c0dd9f4e88a187f4e753ca1846d8816229df692761b7961b098fd68b5298b83600a4dc64f

Score

10^/10

dridex 10111 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

176.9.89.122:10172

147.91.31.1:6225

103.30.247.115:7443

rc4.plain

rc4.plain

Targets

- Target
  
  8c958bfdd794fe51807efb67bf73a3a9b9e9ac9da73bf8b122dfed35f7080a3d
- Size
  
  1.1MB
- MD5
  
  06dd33213e9f80db81494b0b9cec942e
- SHA1
  
  620e898daddba905ee6221a9a987707b86416cbf
- SHA256
  
  8c958bfdd794fe51807efb67bf73a3a9b9e9ac9da73bf8b122dfed35f7080a3d
- SHA512
  
  65f2bf97634df21c19f7bf8262634d236c0f4c9c7fc1f1aff7aedefea94278017f0c6864c5dfd9fa19687dfbb8dcf069e166f7deb5aa4e9bf708ffd3b0d53713
Score

10^/10

dridex 10111 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex10111botnetdiscoveryevasiontrojan

behavioral2

dridex10111botnetdiscoveryevasiontrojan