dridex | f4f87832676d8c9dee41457745ae435de84d96dc72c41bfc16e0162a8ef522a1 | Triage

Sharing

General

Target

a56390598fe2114dd6972ebb75d961fa.exe
Size

975KB
Sample

211201-vsj8eshda5
MD5

a56390598fe2114dd6972ebb75d961fa
SHA1

aa024218c3a03f719f6c6c40d8bc41ca12023285
SHA256

f4f87832676d8c9dee41457745ae435de84d96dc72c41bfc16e0162a8ef522a1
SHA512

d05442b1bf2acc82de3b2439aef3b19561e40ece3fe93b55bf613c0a5f9b496d690660ccd9ba00f19cf3247bca7f06a3d0cd7ae481eeb7a001c26553a4ad9371

Score

10^/10

dridex 10111 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

45.63.36.79:8194

45.79.80.198:9676

81.223.127.86:10172

rc4.plain

rc4.plain

Targets

- Target
  
  a56390598fe2114dd6972ebb75d961fa.exe
- Size
  
  975KB
- MD5
  
  a56390598fe2114dd6972ebb75d961fa
- SHA1
  
  aa024218c3a03f719f6c6c40d8bc41ca12023285
- SHA256
  
  f4f87832676d8c9dee41457745ae435de84d96dc72c41bfc16e0162a8ef522a1
- SHA512
  
  d05442b1bf2acc82de3b2439aef3b19561e40ece3fe93b55bf613c0a5f9b496d690660ccd9ba00f19cf3247bca7f06a3d0cd7ae481eeb7a001c26553a4ad9371
Score

10^/10

dridex 10111 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex10111botnetdiscoveryevasiontrojan

behavioral2

dridex10111botnetdiscoveryevasiontrojan