dridex | 16a1cdadc7b848ef3f557291f69889de040d20ecd5c750cea1e8ad1561fcd10c | Triage

Sharing

General

Target

16a1cdadc7b848ef3f557291f69889de040d20ecd5c750cea1e8ad1561fcd10c
Size

391KB
Sample

220418-qjlbxacdb2
MD5

b685d1ae9a1038148e31396c43ab7498
SHA1

cba868c11941d356c6ad245efd2f3a6a0630cfc7
SHA256

16a1cdadc7b848ef3f557291f69889de040d20ecd5c750cea1e8ad1561fcd10c
SHA512

81ddd7fb4daa5bca490ec413fe07fa8b3349849d763aa21860b1b99de1ea1e71ae78f1f30c5f6e227ee81142211527d03d7ee5bdcb8968bb826ebeb00d0bb3ef

Score

10^/10

dridex 10555 botnet cryptone discovery evasion packer trojan

Malware Config

Extracted

Family

dridex

Botnet

10555

C2

194.150.118.7:443

45.77.154.161:1688

45.56.127.75:49160

62.171.142.179:4664

rc4.plain

rc4.plain

Targets

- Target
  
  16a1cdadc7b848ef3f557291f69889de040d20ecd5c750cea1e8ad1561fcd10c
- Size
  
  391KB
- MD5
  
  b685d1ae9a1038148e31396c43ab7498
- SHA1
  
  cba868c11941d356c6ad245efd2f3a6a0630cfc7
- SHA256
  
  16a1cdadc7b848ef3f557291f69889de040d20ecd5c750cea1e8ad1561fcd10c
- SHA512
  
  81ddd7fb4daa5bca490ec413fe07fa8b3349849d763aa21860b1b99de1ea1e71ae78f1f30c5f6e227ee81142211527d03d7ee5bdcb8968bb826ebeb00d0bb3ef
Score

10^/10

dridex 10555 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex10555botnetdiscoveryevasiontrojan

behavioral2

dridex10555botnet