dridex | 46b0ea621563462f79b55c0b956fe88d0089ef93d54a8f880667591c7fe0a90e | Triage

Sharing

General

Target

46b0ea621563462f79b55c0b956fe88d0089ef93d54a8f880667591c7fe0a90e
Size

664KB
Sample

211014-r9esgsafdl
MD5

396a0cd04711b2e761be08f84cfd0ef4
SHA1

2f7f0300d9d011442861b699ce6ecb58fa8a6600
SHA256

46b0ea621563462f79b55c0b956fe88d0089ef93d54a8f880667591c7fe0a90e
SHA512

ca2b33765baadb32edfe472eedc5f2605be6fe6e7c8025d9ba622f8eede379feecf13dbd33b57648749fab549561b2d29ad5952d375908fd269d192f342f1a30

Score

10^/10

dridex 10222 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10222

C2

174.128.245.202:443

51.83.3.52:13786

69.64.50.41:6602

rc4.plain

rc4.plain

Targets

- Target
  
  46b0ea621563462f79b55c0b956fe88d0089ef93d54a8f880667591c7fe0a90e
- Size
  
  664KB
- MD5
  
  396a0cd04711b2e761be08f84cfd0ef4
- SHA1
  
  2f7f0300d9d011442861b699ce6ecb58fa8a6600
- SHA256
  
  46b0ea621563462f79b55c0b956fe88d0089ef93d54a8f880667591c7fe0a90e
- SHA512
  
  ca2b33765baadb32edfe472eedc5f2605be6fe6e7c8025d9ba622f8eede379feecf13dbd33b57648749fab549561b2d29ad5952d375908fd269d192f342f1a30
Score

10^/10

dridex 10222 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex10222botnetdiscoveryevasiontrojan