dridex | ced88a781a18875bea55ccbf9dcc043cb400bd2c3f35afed8b0a6a2f33290991 | Triage

Sharing

General

Target

bo2bck.tar
Size

373KB
Sample

220626-f2wv9aaeb6
MD5

8abd17bb45aaf7ded8caa930b60d38ef
SHA1

088e885d29c4ab954b98ee85c361dc4592416a01
SHA256

ced88a781a18875bea55ccbf9dcc043cb400bd2c3f35afed8b0a6a2f33290991
SHA512

5d6b41cd63b362dcec6b99426492b1b742e50c8544dae70a8088d5d36c9c33712e6404f674ed389dc4f8d8b3567b5913d08b55761456fbdbac4de7413e1b2759

Score

10^/10

dridex 10444 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

210.65.244.179:443

37.247.35.130:6601

103.18.108.116:6601

rc4.plain

rc4.plain

Targets

- Target
  
  bo2bck.tar
- Size
  
  373KB
- MD5
  
  8abd17bb45aaf7ded8caa930b60d38ef
- SHA1
  
  088e885d29c4ab954b98ee85c361dc4592416a01
- SHA256
  
  ced88a781a18875bea55ccbf9dcc043cb400bd2c3f35afed8b0a6a2f33290991
- SHA512
  
  5d6b41cd63b362dcec6b99426492b1b742e50c8544dae70a8088d5d36c9c33712e6404f674ed389dc4f8d8b3567b5913d08b55761456fbdbac4de7413e1b2759
Score

10^/10

dridex 10444 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex10444botnetdiscoveryevasiontrojan

behavioral2

dridex10444botnetdiscoveryevasiontrojan