dridex | 4b4d0e3e435b94705cc1d5fc24166adf2c51d5a181a0d68d4ce63ac517f2037c | Triage

Sharing

General

Target

4b4d0e3e435b94705cc1d5fc24166adf2c51d5a181a0d68d4ce63ac517f2037c
Size

3.0MB
Sample

220625-1kz7kafcc5
MD5

abf6e9892c2de2d0df9dc8a80f7dd4ca
SHA1

026493fb163831a7b0678bc51d851dc722d61888
SHA256

4b4d0e3e435b94705cc1d5fc24166adf2c51d5a181a0d68d4ce63ac517f2037c
SHA512

237df4beefc43d8f2c38c492f2e5223ef3782e42ee47099afeee0fa9a157649899f4533a9dc697a694a6726b55982f934a33cb1167b5255e336c89859b5f366f

Score

10^/10

dridex botnet

Malware Config

Extracted

Family

dridex

C2

23.226.225.152:443

178.128.20.11:3389

198.23.146.216:8443

206.189.112.148:691

Targets

- Target
  
  4b4d0e3e435b94705cc1d5fc24166adf2c51d5a181a0d68d4ce63ac517f2037c
- Size
  
  3.0MB
- MD5
  
  abf6e9892c2de2d0df9dc8a80f7dd4ca
- SHA1
  
  026493fb163831a7b0678bc51d851dc722d61888
- SHA256
  
  4b4d0e3e435b94705cc1d5fc24166adf2c51d5a181a0d68d4ce63ac517f2037c
- SHA512
  
  237df4beefc43d8f2c38c492f2e5223ef3782e42ee47099afeee0fa9a157649899f4533a9dc697a694a6726b55982f934a33cb1167b5255e336c89859b5f366f
Score

10^/10

dridex botnet
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2