dridex | 1daf833cafa900edd60fd7cefbef566ef99a2777a3edde03c383a7ed6a8c2bd3 | Triage

Sharing

General

Target

tz5mgy9.jpg
Size

1.0MB
Sample

220626-gt9ykshfbr
MD5

c6c46576974a7ff8b9a7ff524b22f4a4
SHA1

e5cba18fc2b89856cd7b5fd004c2f690b0c23848
SHA256

1daf833cafa900edd60fd7cefbef566ef99a2777a3edde03c383a7ed6a8c2bd3
SHA512

d2e8eb5a45e64d5efb05f448edbbfd4c4f2b1c6ed098e684c1d8bc2aad6f7d34ed09f87aacee36c886142a93702959da09d8d47f43ae4d9906df3e437ee93642

Score

10^/10

dridex 10444 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

192.46.210.220:443

143.244.140.214:808

45.77.0.96:6891

185.56.219.47:8116

rc4.plain

rc4.plain

Targets

- Target
  
  tz5mgy9.jpg
- Size
  
  1.0MB
- MD5
  
  c6c46576974a7ff8b9a7ff524b22f4a4
- SHA1
  
  e5cba18fc2b89856cd7b5fd004c2f690b0c23848
- SHA256
  
  1daf833cafa900edd60fd7cefbef566ef99a2777a3edde03c383a7ed6a8c2bd3
- SHA512
  
  d2e8eb5a45e64d5efb05f448edbbfd4c4f2b1c6ed098e684c1d8bc2aad6f7d34ed09f87aacee36c886142a93702959da09d8d47f43ae4d9906df3e437ee93642
Score

10^/10

dridex 10444 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex10444botnetdiscoveryevasiontrojan

behavioral2

dridex10444botnetdiscoveryevasiontrojan