dridex | f0a0ebdf3597ddb79ec8373a04e606f73a0926b5ea62253725616d80647f48e0 | Triage

Sharing

General

Target

f0a0ebdf3597ddb79ec8373a04e606f73a0926b5ea62253725616d80647f48e0
Size

750KB
Sample

211027-tw86aafeh9
MD5

58fb1202213145ad2c22c49553d9576f
SHA1

a151db16222ad4c48a82d48136002b54d7c6c3b4
SHA256

f0a0ebdf3597ddb79ec8373a04e606f73a0926b5ea62253725616d80647f48e0
SHA512

16d5ee269c8abe202bf9a80625f205a6f24e6fa53ab32e4c6f694a1f05bc31cd90add50ce69aa4f7e93aa211fac3843d7ad7595710e7057d97d16b4de0a67665

Score

10^/10

dridex 10555 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10555

C2

192.46.210.220:443

143.244.140.214:808

45.77.0.96:6891

185.56.219.47:8116

rc4.plain

rc4.plain

Targets

- Target
  
  f0a0ebdf3597ddb79ec8373a04e606f73a0926b5ea62253725616d80647f48e0
- Size
  
  750KB
- MD5
  
  58fb1202213145ad2c22c49553d9576f
- SHA1
  
  a151db16222ad4c48a82d48136002b54d7c6c3b4
- SHA256
  
  f0a0ebdf3597ddb79ec8373a04e606f73a0926b5ea62253725616d80647f48e0
- SHA512
  
  16d5ee269c8abe202bf9a80625f205a6f24e6fa53ab32e4c6f694a1f05bc31cd90add50ce69aa4f7e93aa211fac3843d7ad7595710e7057d97d16b4de0a67665
Score

10^/10

dridex 10555 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex10555botnetdiscoveryevasiontrojan