dridex | 6ad3f6310d394965888b043914b5c433f94d247a7650d8166ee734a4c5b51244 | Triage

Sharing

General

Target

7629866150.zip
Size

246KB
Sample

220629-mhqy8aggcn
MD5

058a7e04efa899c2f03b4224dcfe888f
SHA1

a256aef5814d3c7ce9df3e1fbc3af9dc17f2a9fc
SHA256

6ad3f6310d394965888b043914b5c433f94d247a7650d8166ee734a4c5b51244
SHA512

f1b5c4bf1c5a5c8f7a502dc5181ba0d339be30c873f96afe06b1e40b22a7c4b38467600681866e8dd32ec0b1f33ee0b94fb30b2044ea35a473a843d8e4e28dfd

Score

10^/10

dridex 10111 botnet cryptone discovery evasion packer trojan

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

157.7.166.26:5353

162.144.127.197:3786

46.22.57.17:5037

rc4.plain

rc4.plain

Targets

- Target
  
  02c74ae576e11a6a29210f6885226f89dab917a5fb373b70dbd4587398c84042
- Size
  
  1.4MB
- MD5
  
  65aa1ef0fcf244ed35cbf6156068d875
- SHA1
  
  2cebd5ac679954f6a2009ffb41502d050a312025
- SHA256
  
  02c74ae576e11a6a29210f6885226f89dab917a5fb373b70dbd4587398c84042
- SHA512
  
  e7e7cda5a4c5b44de9ea4c9c08430b435d078d6683f4c363477cafb4c0f196a8394a9c779a334b02a76b2339b2efeadabdb592e8e48d2a355a9e65086a82da04
Score

10^/10

dridex 10111 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex10111botnetdiscoveryevasiontrojan

behavioral2

dridex10111botnetdiscoveryevasiontrojan