dridex | 51fc19f8dd98ece514232b2db2f5fa918f279ec2209597d0c9a6f95ea9311663 | Triage

Sharing

General

Target

gyzkwsmw6.tar
Size

381KB
Sample

220626-gaaz5sagg3
MD5

0a93401ba77815b37c6301abdd7dc528
SHA1

23c162713424774e2c90a4468a12197c20df14b3
SHA256

51fc19f8dd98ece514232b2db2f5fa918f279ec2209597d0c9a6f95ea9311663
SHA512

6f6dd223d248eda6ae9dbb2f1024d750e73844315efb2cc6c52ba216c7dcded3c6d394787b6e10494edb9cf85af1b540120700e231ded808b6a473ea708bafb3

Score

10^/10

dridex 10444 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

131.100.24.215:443

210.65.244.174:6601

195.201.199.53:2303

rc4.plain

rc4.plain

Targets

- Target
  
  gyzkwsmw6.tar
- Size
  
  381KB
- MD5
  
  0a93401ba77815b37c6301abdd7dc528
- SHA1
  
  23c162713424774e2c90a4468a12197c20df14b3
- SHA256
  
  51fc19f8dd98ece514232b2db2f5fa918f279ec2209597d0c9a6f95ea9311663
- SHA512
  
  6f6dd223d248eda6ae9dbb2f1024d750e73844315efb2cc6c52ba216c7dcded3c6d394787b6e10494edb9cf85af1b540120700e231ded808b6a473ea708bafb3
Score

10^/10

dridex 10444 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex10444botnetdiscoveryevasiontrojan

behavioral2

dridex10444botnetdiscoveryevasiontrojan