dridex | 4bbcbe529479c0526f33fa0e878b58abeb727debee1c924616a6e1f9a95980b9 | Triage

Sharing

General

Target

c4voo0gc.rar
Size

576KB
Sample

220626-f3hd9aaed3
MD5

84b7173353617c4c216397c3e68cb948
SHA1

ec64476b9242df713471a933849ac75593edd2a9
SHA256

4bbcbe529479c0526f33fa0e878b58abeb727debee1c924616a6e1f9a95980b9
SHA512

c69886872913e0ef7121ea0105362cf44352a3619d1aa55b0ef6225b3ba177ef09f3235bdca5e19072c040029bf276493b304a12acfadfd586a78d6231497eb0

Score

10^/10

dridex 10444 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

77.220.64.131:443

5.196.204.251:5037

192.99.41.136:981

24.229.3.146:4664

rc4.plain

rc4.plain

Targets

- Target
  
  c4voo0gc.rar
- Size
  
  576KB
- MD5
  
  84b7173353617c4c216397c3e68cb948
- SHA1
  
  ec64476b9242df713471a933849ac75593edd2a9
- SHA256
  
  4bbcbe529479c0526f33fa0e878b58abeb727debee1c924616a6e1f9a95980b9
- SHA512
  
  c69886872913e0ef7121ea0105362cf44352a3619d1aa55b0ef6225b3ba177ef09f3235bdca5e19072c040029bf276493b304a12acfadfd586a78d6231497eb0
Score

10^/10

dridex 10444 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex10444botnetdiscoveryevasiontrojan

behavioral2

dridex10444botnetdiscoveryevasiontrojan