dridex | b454160369a30dde38ca7df6193d2d459b29ff01f601aa86cb16dcb30f1e4e9d

Analysis

max time kernel
120s
max time network
120s
submitted
01-01-1970 00:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa7a1361feb49bdc9ae17efcd3510674.exe
Size

477KB
MD5

aa7a1361feb49bdc9ae17efcd3510674
SHA1

0132676344d5f38b24a57517db95bb0034abf916
SHA256

b454160369a30dde38ca7df6193d2d459b29ff01f601aa86cb16dcb30f1e4e9d
SHA512

046173ffa27d29e5cc83d836ce5778c179e539642ae947443b965b0d4c4246c90e287618ea2b338fd7c1be5040ed733ac6f3cbb106b5fdff0d3ed78c7881de3a

Score

10^/10

dridex 10111 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10111

54.37.202.209:8194

144.76.162.241:10172

94.23.24.82:6225

rc4.plain

Signatures

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

aa7a1361feb49bdc9ae17efcd3510674.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	aa7a1361feb49bdc9ae17efcd3510674.exe

C:\Users\Admin\AppData\Local\Temp\aa7a1361feb49bdc9ae17efcd3510674.exe
"C:\Users\Admin\AppData\Local\Temp\aa7a1361feb49bdc9ae17efcd3510674.exe"
1⤵
- Checks whether UAC is enabled
PID:1772

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1772-55-0x0000000075321000-0x0000000075323000-memory.dmp

Filesize
8KB

Download
memory/1772-56-0x0000000000220000-0x000000000025C000-memory.dmp

Filesize
240KB

Download
memory/1772-57-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download