dridex

Resubmissions

20-10-2021 01:50

211020-b9l9kageb6 6

20-10-2021 01:45

211020-b6eqbagea9 10

Sharing

Copy URL

Twitter E-mail

General

Target

https://hilltop2exit.xyz/kjlfkvd82d
Sample

211020-b6eqbagea9

Score

10^/10

Malware Config

Extracted

Family

dridex

Botnet

10111

37.48.124.102:9676

84.33.2.126:6225

188.40.33.77:8194

rc4.plain

Targets

- Target
  
  https://hilltop2exit.xyz/kjlfkvd82d
Score

10^/10

persistence dridex 10111 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Registers COM server for autorun
  persistence
- Blocklisted process makes network request
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2 behavioral3 behavioral4 behavioral5 behavioral6 behavioral7

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Registers COM server for autorun

Blocklisted process makes network request

Executes dropped EXE

Adds Run key to start application

Checks installed software on the system

Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

urlscan1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7