dridex | 9354d9a23f836f3dceec5ae209ab29172d0ee6c684e204f42b2401d7bc82de57 | Triage

Sharing

General

Target

9354d9a23f836f3dceec5ae209ab29172d0ee6c684e204f42b2401d7bc82de57
Size

398KB
Sample

220309-b1vjksegfm
MD5

88997d4aee8771ab73b4d1250cff3fa2
SHA1

e7a72baa7561c812207d716b26156e46781848e3
SHA256

9354d9a23f836f3dceec5ae209ab29172d0ee6c684e204f42b2401d7bc82de57
SHA512

1c1b22d275f40957ac7f2fdc0fc096352960e4a055c3a6214cff67f45550031321c31b92e684c334152b4549ee83cd2cb8245e7679076c6c9cfc5290926ba8de

Score

10^/10

dridex 10555 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10555

C2

194.225.58.216:443

178.254.40.132:691

216.172.165.70:3889

198.57.200.100:3786

rc4.plain

rc4.plain

Targets

- Target
  
  9354d9a23f836f3dceec5ae209ab29172d0ee6c684e204f42b2401d7bc82de57
- Size
  
  398KB
- MD5
  
  88997d4aee8771ab73b4d1250cff3fa2
- SHA1
  
  e7a72baa7561c812207d716b26156e46781848e3
- SHA256
  
  9354d9a23f836f3dceec5ae209ab29172d0ee6c684e204f42b2401d7bc82de57
- SHA512
  
  1c1b22d275f40957ac7f2fdc0fc096352960e4a055c3a6214cff67f45550031321c31b92e684c334152b4549ee83cd2cb8245e7679076c6c9cfc5290926ba8de
Score

10^/10

dridex 10555 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex10555botnetdiscoveryevasiontrojan

behavioral2

dridex10555botnet