dridex | 22bf78e7af0e4570b52b2382ab75aed9edfca5b53fe6125ffea403352379d256 | Triage

Sharing

General

Target

6283529f07189104ce87a8b3d635578a
Size

750KB
Sample

211027-t6v2eafgb6
MD5

6283529f07189104ce87a8b3d635578a
SHA1

662f0122ae969ec1cd1ae2eb99f0db11f64f47ba
SHA256

22bf78e7af0e4570b52b2382ab75aed9edfca5b53fe6125ffea403352379d256
SHA512

68f51ecf10f6346b56ac63cb26d1f2017a62d9ebc8dcbf12e6c8bbedbcd08bb4b4a0de097c35cce2f12db7698758b79a5adaf53d679e6124132a65209bce664e

Score

10^/10

dridex 10555 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10555

C2

192.46.210.220:443

143.244.140.214:808

45.77.0.96:6891

185.56.219.47:8116

rc4.plain

rc4.plain

Targets

- Target
  
  6283529f07189104ce87a8b3d635578a
- Size
  
  750KB
- MD5
  
  6283529f07189104ce87a8b3d635578a
- SHA1
  
  662f0122ae969ec1cd1ae2eb99f0db11f64f47ba
- SHA256
  
  22bf78e7af0e4570b52b2382ab75aed9edfca5b53fe6125ffea403352379d256
- SHA512
  
  68f51ecf10f6346b56ac63cb26d1f2017a62d9ebc8dcbf12e6c8bbedbcd08bb4b4a0de097c35cce2f12db7698758b79a5adaf53d679e6124132a65209bce664e
Score

10^/10

dridex 10555 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex10555botnetdiscoveryevasiontrojan

behavioral2