dridex | 13f68a7bce85a8f2866de99893398a8f46bd0f0650b687e20489e8d01d1f9d4c | Triage

Sharing

General

Target

89b7c487153fde5e805033c42513b1e4
Size

750KB
Sample

211027-t5q13afga2
MD5

89b7c487153fde5e805033c42513b1e4
SHA1

08e546126c76ecdf75bdc1d4b4021d27c6887c80
SHA256

13f68a7bce85a8f2866de99893398a8f46bd0f0650b687e20489e8d01d1f9d4c
SHA512

1ed20ac7827935626d13eeee6dc10ef758ffae7a86740143b1485405c769ea40d9dd116ddd53f0077faa163736d1bdd20d18e4c2f133e0f657cfb7eb62b6bfdb

Score

10^/10

dridex 10555 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10555

C2

192.46.210.220:443

143.244.140.214:808

45.77.0.96:6891

185.56.219.47:8116

rc4.plain

rc4.plain

Targets

- Target
  
  89b7c487153fde5e805033c42513b1e4
- Size
  
  750KB
- MD5
  
  89b7c487153fde5e805033c42513b1e4
- SHA1
  
  08e546126c76ecdf75bdc1d4b4021d27c6887c80
- SHA256
  
  13f68a7bce85a8f2866de99893398a8f46bd0f0650b687e20489e8d01d1f9d4c
- SHA512
  
  1ed20ac7827935626d13eeee6dc10ef758ffae7a86740143b1485405c769ea40d9dd116ddd53f0077faa163736d1bdd20d18e4c2f133e0f657cfb7eb62b6bfdb
Score

10^/10

dridex 10555 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex10555botnetdiscoveryevasiontrojan

behavioral2

dridex10555botnetdiscoveryevasiontrojan