dridex | f5951b345050e10fa0d3b70b42e6b56d5a720a7a67c381345e33c145e2ba2452 | Triage

Sharing

General

Target

g62tkiapp.pdf
Size

539KB
Sample

220626-f9expsagd5
MD5

1ba0b20a2d03d8af03a7faa42b06417f
SHA1

4c528bb2afd93d8cb1199d05dc33d77e08f0ee88
SHA256

f5951b345050e10fa0d3b70b42e6b56d5a720a7a67c381345e33c145e2ba2452
SHA512

5447e2424e0beeace8c1d3de285fcd841b184e9ed1b3035334fd3005399aa0947b5688a22754b9114ff3f9444906481a519477fbd9cfdb17f23136ad14f6eef3

Score

10^/10

dridex 10444 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

162.241.44.26:9443

192.232.229.53:4443

77.220.64.34:443

193.90.12.121:3098

rc4.plain

rc4.plain

Targets

- Target
  
  g62tkiapp.pdf
- Size
  
  539KB
- MD5
  
  1ba0b20a2d03d8af03a7faa42b06417f
- SHA1
  
  4c528bb2afd93d8cb1199d05dc33d77e08f0ee88
- SHA256
  
  f5951b345050e10fa0d3b70b42e6b56d5a720a7a67c381345e33c145e2ba2452
- SHA512
  
  5447e2424e0beeace8c1d3de285fcd841b184e9ed1b3035334fd3005399aa0947b5688a22754b9114ff3f9444906481a519477fbd9cfdb17f23136ad14f6eef3
Score

10^/10

dridex 10444 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex10444botnetdiscoveryevasiontrojan

behavioral2

dridex10444botnet