dridex | f9c07b91ad38a008ddc0f2655c9195961320c71160f9cfaec6af99f27a213b90 | Triage

Sharing

General

Target

f9c07b91ad38a008ddc0f2655c9195961320c71160f9cfaec6af99f27a213b90
Size

414KB
Sample

220309-sqyxpahha7
MD5

437c9e83a39c2c61c55f6a2524827f69
SHA1

e6290c66a899912f8234d790156b22e27f107582
SHA256

f9c07b91ad38a008ddc0f2655c9195961320c71160f9cfaec6af99f27a213b90
SHA512

cd26e522a9e3ccc171c0252750de04052811a3b8b1b7b4a948970400559e6c40e45ebe3530449791d2d8add886dfe80fb052c0233f037cbe7107b952b9333f51

Score

10^/10

dridex 10555 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10555

C2

194.225.58.216:443

178.254.40.132:691

216.172.165.70:3889

198.57.200.100:3786

rc4.plain

rc4.plain

Targets

- Target
  
  f9c07b91ad38a008ddc0f2655c9195961320c71160f9cfaec6af99f27a213b90
- Size
  
  414KB
- MD5
  
  437c9e83a39c2c61c55f6a2524827f69
- SHA1
  
  e6290c66a899912f8234d790156b22e27f107582
- SHA256
  
  f9c07b91ad38a008ddc0f2655c9195961320c71160f9cfaec6af99f27a213b90
- SHA512
  
  cd26e522a9e3ccc171c0252750de04052811a3b8b1b7b4a948970400559e6c40e45ebe3530449791d2d8add886dfe80fb052c0233f037cbe7107b952b9333f51
Score

10^/10

dridex 10555 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex10555botnetdiscoveryevasiontrojan

behavioral2

dridex10555botnet