dridex | f9f2bf64359f28b5c7c261321f5ee1da8207e138ea675287eb027235696649af | Triage

Sharing

General

Target

j7i4qif86.zip
Size

1.0MB
Sample

220626-gc7rwshagq
MD5

b42efe18ad2b37cb24daf1ee27db37dd
SHA1

92f63db052ba2e576a538090b12665cb9761dc2d
SHA256

f9f2bf64359f28b5c7c261321f5ee1da8207e138ea675287eb027235696649af
SHA512

d6f24963529822b49928ae721f71836b849ce64c3ee978e6306cb40c5bea9c23ae844d34c3bbdca3f720badaff547a66ebd71f4fed2ccbfe91dd1521be284cf8

Score

10^/10

dridex 10444 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

192.46.210.220:443

143.244.140.214:808

45.77.0.96:6891

185.56.219.47:8116

rc4.plain

rc4.plain

Targets

- Target
  
  j7i4qif86.zip
- Size
  
  1.0MB
- MD5
  
  b42efe18ad2b37cb24daf1ee27db37dd
- SHA1
  
  92f63db052ba2e576a538090b12665cb9761dc2d
- SHA256
  
  f9f2bf64359f28b5c7c261321f5ee1da8207e138ea675287eb027235696649af
- SHA512
  
  d6f24963529822b49928ae721f71836b849ce64c3ee978e6306cb40c5bea9c23ae844d34c3bbdca3f720badaff547a66ebd71f4fed2ccbfe91dd1521be284cf8
Score

10^/10

dridex 10444 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex10444botnetdiscoveryevasiontrojan

behavioral2

dridex10444botnetdiscoveryevasiontrojan