dridex | c84aca81b126ee55023f4d1540505edee3b5ede8b67ba48256c2445425772b31 | Triage

Sharing

General

Target

3d278551aa6b00d6d462bd7bf6c7b3ac
Size

750KB
Sample

211027-v6x2fafhc3
MD5

3d278551aa6b00d6d462bd7bf6c7b3ac
SHA1

e43c01bb37c7df64821be14982dee63ae3011086
SHA256

c84aca81b126ee55023f4d1540505edee3b5ede8b67ba48256c2445425772b31
SHA512

b5f0b55abc32b55a6f4efe1924bbd29bac9c460dd3c4e398dfce570259f7f6ba2f7f0a5fa73ee4aad9fa81c0435c70438f1fa834c2bdea486a04f2e89a3b5902

Score

10^/10

dridex 10555 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10555

C2

192.46.210.220:443

143.244.140.214:808

45.77.0.96:6891

185.56.219.47:8116

rc4.plain

rc4.plain

Targets

- Target
  
  3d278551aa6b00d6d462bd7bf6c7b3ac
- Size
  
  750KB
- MD5
  
  3d278551aa6b00d6d462bd7bf6c7b3ac
- SHA1
  
  e43c01bb37c7df64821be14982dee63ae3011086
- SHA256
  
  c84aca81b126ee55023f4d1540505edee3b5ede8b67ba48256c2445425772b31
- SHA512
  
  b5f0b55abc32b55a6f4efe1924bbd29bac9c460dd3c4e398dfce570259f7f6ba2f7f0a5fa73ee4aad9fa81c0435c70438f1fa834c2bdea486a04f2e89a3b5902
Score

10^/10

dridex 10555 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex10555botnetdiscoveryevasiontrojan

behavioral2

dridex10555botnetdiscoveryevasiontrojan