dridex | 5b3405ef19add57b1942ca0c7d711ac679eb9978ad106827d5916839b0bbd8c1 | Triage

Sharing

General

Target

5b3405ef19add57b1942ca0c7d711ac679eb9978ad106827d5916839b0bbd8c1
Size

359KB
Sample

220205-sq44pscfd5
MD5

c70819815e21106eaf13650ae6755e6b
SHA1

75a09a73af35c049883dc283477d4db604cca63d
SHA256

5b3405ef19add57b1942ca0c7d711ac679eb9978ad106827d5916839b0bbd8c1
SHA512

687caa495ec6db445d07e73c03b7179c129fa35a9e730f559f2f9f005d49934a5972363f60b8e65d1bce8b56202f438a303f618de4c3bd05c901bc740a325131

Score

10^/10

dridex 10555 botnet

Malware Config

Extracted

Family

dridex

Botnet

10555

C2

79.137.83.50:443

173.212.212.173:3074

80.86.81.31:3389

85.25.185.155:691

rc4.plain

rc4.plain

Targets

- Target
  
  Document_898896863889.vbs
- Size
  
  906KB
- MD5
  
  07ace6009d4714fe746bbf53cd301e2f
- SHA1
  
  f8dfa00a4ae2ad94e5446f6c33b437b967cf0f02
- SHA256
  
  eb78d1870cd9e6b06fa029ea4076b1775816a0b0cab60d7cc23e0433062ed302
- SHA512
  
  87bc3fdbbee8bed2eb8cfbec7b716e5404777da687df89d4832909f1920bea8d1b0249f9eecfaea22c0cd4742b545c1af35501c23ff42d2037c456fac2a6c205
Score

10^/10

dridex 10555 botnet
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex10555botnet

behavioral2