dridex | 6ad3f6310d394965888b043914b5c433f94d247a7650d8166ee734a4c5b51244 | Triage

Sharing

General

Target

7629866150.zip
Size

246KB
Sample

220629-mhqy8aggcn
MD5

058a7e04efa899c2f03b4224dcfe888f
SHA1

a256aef5814d3c7ce9df3e1fbc3af9dc17f2a9fc
SHA256

6ad3f6310d394965888b043914b5c433f94d247a7650d8166ee734a4c5b51244
SHA512

f1b5c4bf1c5a5c8f7a502dc5181ba0d339be30c873f96afe06b1e40b22a7c4b38467600681866e8dd32ec0b1f33ee0b94fb30b2044ea35a473a843d8e4e28dfd

Score

10^/10

dridex 10111 botnet cryptone discovery evasion packer trojan

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

157.7.166.26:5353

162.144.127.197:3786

46.22.57.17:5037

rc4.plain

rc4.plain

Targets

- Target
  
  02c74ae576e11a6a29210f6885226f89dab917a5fb373b70dbd4587398c84042
- Size
  
  1.4MB
- MD5
  
  65aa1ef0fcf244ed35cbf6156068d875
- SHA1
  
  2cebd5ac679954f6a2009ffb41502d050a312025
- SHA256
  
  02c74ae576e11a6a29210f6885226f89dab917a5fb373b70dbd4587398c84042
- SHA512
  
  e7e7cda5a4c5b44de9ea4c9c08430b435d078d6683f4c363477cafb4c0f196a8394a9c779a334b02a76b2339b2efeadabdb592e8e48d2a355a9e65086a82da04
Score

10^/10

dridex 10111 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex10111botnetdiscoveryevasiontrojan

behavioral2

dridex10111botnetdiscoveryevasiontrojan