dridex | dd31f209d69ff7e0580253cd7c5978b1d619f696f915a98de72c84446da8393a | Triage

Sharing

General

Target

ab1b11895f9bf582a78ffedb98fb73f9.exe
Size

1.1MB
Sample

211119-w9gdjabcbk
MD5

ab1b11895f9bf582a78ffedb98fb73f9
SHA1

e90aaac85fc3a4690c5f4831f0e6b2b96e294cd7
SHA256

dd31f209d69ff7e0580253cd7c5978b1d619f696f915a98de72c84446da8393a
SHA512

bd72b97f433dbb614102beb91458303ba22f54325ce5869330c1071a0cf91926bdb4207916195d9b1a853c0d41b58d0a616a34a254f2f517efcc9df1d20b8215

Score

10^/10

dridex 10111 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

5.189.150.29:9676

62.171.139.106:10172

216.177.137.53:8194

rc4.plain

rc4.plain

Targets

- Target
  
  ab1b11895f9bf582a78ffedb98fb73f9.exe
- Size
  
  1.1MB
- MD5
  
  ab1b11895f9bf582a78ffedb98fb73f9
- SHA1
  
  e90aaac85fc3a4690c5f4831f0e6b2b96e294cd7
- SHA256
  
  dd31f209d69ff7e0580253cd7c5978b1d619f696f915a98de72c84446da8393a
- SHA512
  
  bd72b97f433dbb614102beb91458303ba22f54325ce5869330c1071a0cf91926bdb4207916195d9b1a853c0d41b58d0a616a34a254f2f517efcc9df1d20b8215
Score

10^/10

dridex 10111 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex10111botnetdiscoveryevasiontrojan

behavioral2

dridex10111botnetdiscoveryevasiontrojan