dridex | ceec2d7752b046d0e0119a794aae214e097ab074f728494bb6edab2fb5370b4b | Triage

Sharing

General

Target

ceec2d7752b046d0e0119a794aae214e097ab074f728494bb6edab2fb5370b4b
Size

355KB
Sample

220324-naqh6agca4
MD5

821e56271da5d7ab18c6eb49cb14abf5
SHA1

be56ac4b532620d9b3ec88c9b2530de0a6499d6a
SHA256

ceec2d7752b046d0e0119a794aae214e097ab074f728494bb6edab2fb5370b4b
SHA512

79b2325efe8ad9e24e0f22ede0d824367986caf3133df86be86b89d39c8d4cd3811bc3ee0cca8746ceeea5c3c790b192be0cab7b2d9b005444f6756df97111f5

Score

10^/10

dridex 10555 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10555

C2

175.126.167.148:443

173.249.20.233:8043

162.241.204.233:4443

138.122.143.40:8043

rc4.plain

rc4.plain

Targets

- Target
  
  ceec2d7752b046d0e0119a794aae214e097ab074f728494bb6edab2fb5370b4b
- Size
  
  355KB
- MD5
  
  821e56271da5d7ab18c6eb49cb14abf5
- SHA1
  
  be56ac4b532620d9b3ec88c9b2530de0a6499d6a
- SHA256
  
  ceec2d7752b046d0e0119a794aae214e097ab074f728494bb6edab2fb5370b4b
- SHA512
  
  79b2325efe8ad9e24e0f22ede0d824367986caf3133df86be86b89d39c8d4cd3811bc3ee0cca8746ceeea5c3c790b192be0cab7b2d9b005444f6756df97111f5
Score

10^/10

dridex 10555 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex10555botnetdiscoveryevasiontrojan

behavioral2

dridex10555botnet