dridex | 664a9ed7f0380b737fd75b3aa9c234eb15235b0097306e9a46bec74c5584ba6a | Triage

Sharing

General

Target

tzvqteb.0.dr.dll
Size

750KB
Sample

211027-zf37zsgdg6
MD5

982920b38c5cd4405292b6574db8e91d
SHA1

da09a73c1c1be0ce1c0f0e058b8f32b7d188ca8c
SHA256

664a9ed7f0380b737fd75b3aa9c234eb15235b0097306e9a46bec74c5584ba6a
SHA512

ef2957e0107ce7454ff246a5b8868bc00ea9dfb78598aff9951ee605a7f4d43ca13f8015bc9370c77776d25465ed5e711aeb0790f7a30adfcb9505247521a9c3

Score

10^/10

dridex 10555 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10555

C2

192.46.210.220:443

143.244.140.214:808

45.77.0.96:6891

185.56.219.47:8116

rc4.plain

rc4.plain

Targets

- Target
  
  tzvqteb.0.dr.dll
- Size
  
  750KB
- MD5
  
  982920b38c5cd4405292b6574db8e91d
- SHA1
  
  da09a73c1c1be0ce1c0f0e058b8f32b7d188ca8c
- SHA256
  
  664a9ed7f0380b737fd75b3aa9c234eb15235b0097306e9a46bec74c5584ba6a
- SHA512
  
  ef2957e0107ce7454ff246a5b8868bc00ea9dfb78598aff9951ee605a7f4d43ca13f8015bc9370c77776d25465ed5e711aeb0790f7a30adfcb9505247521a9c3
Score

10^/10

dridex 10555 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex10555botnetdiscoveryevasiontrojan

behavioral2

dridex10555botnetdiscoveryevasiontrojan