dridex | f75b016f04df604ad70bbdb2c030c9a37e4597c36071c2f82229c88f1411d73f | Triage

Sharing

General

Target

j1wm6mumu.zip
Size

860KB
Sample

220522-f8dm9abdaj
MD5

2df0b838e766fa6e91f516dbb0bd34ad
SHA1

83278ba4321ebc65611b82d4b35e73008020f669
SHA256

f75b016f04df604ad70bbdb2c030c9a37e4597c36071c2f82229c88f1411d73f
SHA512

c7d4642f98872199ecbce0ed2edc75f52369b161910e5e010557cfb9942b4beab8b85ebf6135621ec1f8f5fb31000c63364f55fc68aaaf6d62efa9e9f246474d

Score

10^/10

dridex 10444 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

210.65.244.184:443

147.78.186.4:10051

62.75.168.152:6601

rc4.plain

rc4.plain

Targets

- Target
  
  j1wm6mumu.zip
- Size
  
  860KB
- MD5
  
  2df0b838e766fa6e91f516dbb0bd34ad
- SHA1
  
  83278ba4321ebc65611b82d4b35e73008020f669
- SHA256
  
  f75b016f04df604ad70bbdb2c030c9a37e4597c36071c2f82229c88f1411d73f
- SHA512
  
  c7d4642f98872199ecbce0ed2edc75f52369b161910e5e010557cfb9942b4beab8b85ebf6135621ec1f8f5fb31000c63364f55fc68aaaf6d62efa9e9f246474d
Score

10^/10

dridex 10444 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex10444botnetdiscoveryevasiontrojan

behavioral2

dridex10444botnetdiscoveryevasiontrojan