dridex | d94bbc62b2f345d98c2b69c6173a51e59e6e6d9581e5e6d51f46d35d8f3998c3 | Triage

Sharing

General

Target

d94bbc62b2f345d98c2b69c6173a51e59e6e6d9581e5e6d51f46d35d8f3998c3
Size

355KB
Sample

220326-b9v7gaehd5
MD5

f45d3e9f068eed28b41490774a7857e7
SHA1

d071a9ff48a7172081c3f89d0d5ae4016a523cf9
SHA256

d94bbc62b2f345d98c2b69c6173a51e59e6e6d9581e5e6d51f46d35d8f3998c3
SHA512

3f005cada6a051500688164ff1f5c5b6043b5e402fbb969d7993f75b89ac26a55fa7bc0c9c60f0a077b9d7bade38b8d12e77529566acb3267cc69b64880d0f19

Score

10^/10

dridex 10555 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10555

C2

175.126.167.148:443

173.249.20.233:8043

162.241.204.233:4443

138.122.143.40:8043

rc4.plain

rc4.plain

Targets

- Target
  
  d94bbc62b2f345d98c2b69c6173a51e59e6e6d9581e5e6d51f46d35d8f3998c3
- Size
  
  355KB
- MD5
  
  f45d3e9f068eed28b41490774a7857e7
- SHA1
  
  d071a9ff48a7172081c3f89d0d5ae4016a523cf9
- SHA256
  
  d94bbc62b2f345d98c2b69c6173a51e59e6e6d9581e5e6d51f46d35d8f3998c3
- SHA512
  
  3f005cada6a051500688164ff1f5c5b6043b5e402fbb969d7993f75b89ac26a55fa7bc0c9c60f0a077b9d7bade38b8d12e77529566acb3267cc69b64880d0f19
Score

10^/10

dridex 10555 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex10555botnetdiscoveryevasiontrojan

behavioral2

dridex10555botnet