dridex | 3f7c187c9539e39d8556dfa534e260aa0255d682aee06e3afdcfe4c047bf6e77 | Triage

Sharing

General

Target

gbjfjb.rar
Size

497KB
Sample

220626-f9j7esghdn
MD5

4c40878a680989564d69aaaad6675b3d
SHA1

61ad964d616ed4a29fc0d3172840eced09ecc0ae
SHA256

3f7c187c9539e39d8556dfa534e260aa0255d682aee06e3afdcfe4c047bf6e77
SHA512

d997c6078564b628a8a45e3a2eb91b4dc177c892e9d3eff9026c7630bacad8344c4f63d5386e57d38381dc1002c53338001dbb4d6cd58b139b64ff2590165f17

Score

10^/10

dridex 10444 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

178.128.83.165:443

128.199.59.13:8172

110.164.184.226:6516

rc4.plain

rc4.plain

Targets

- Target
  
  gbjfjb.rar
- Size
  
  497KB
- MD5
  
  4c40878a680989564d69aaaad6675b3d
- SHA1
  
  61ad964d616ed4a29fc0d3172840eced09ecc0ae
- SHA256
  
  3f7c187c9539e39d8556dfa534e260aa0255d682aee06e3afdcfe4c047bf6e77
- SHA512
  
  d997c6078564b628a8a45e3a2eb91b4dc177c892e9d3eff9026c7630bacad8344c4f63d5386e57d38381dc1002c53338001dbb4d6cd58b139b64ff2590165f17
Score

10^/10

dridex 10444 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex10444botnetdiscoveryevasiontrojan

behavioral2

dridex10444botnetdiscoveryevasiontrojan