dridex

General

Target

https://nawa-store.com/shopinside
Sample

210818-n1gz5j7lfa

Score

10^/10

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

103.30.247.116:6225

148.251.238.52:10172

209.216.243.2:7443

rc4.plain

Targets

- Target
  
  https://nawa-store.com/shopinside
Score

10^/10

persistence dridex 10111 botnet cryptone discovery evasion packer trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Blocklisted process makes network request
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

CryptOne packer

Blocklisted process makes network request

Executes dropped EXE

Adds Run key to start application

Checks installed software on the system

Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

urlscan1

behavioral1

behavioral2

behavioral3