dridex | b06759c84016072b3f0192cdc095305af42bd1afa40353a4220413dc082825b6 | Triage

Sharing

General

Target

b06759c84016072b3f0192cdc095305af42bd1afa40353a4220413dc082825b6
Size

1.6MB
Sample

220708-jnml7saaf6
MD5

372dc041ce307882399cf03a4a3ec882
SHA1

8443ae12e21abdbd21e1d1406fbd8cede146390e
SHA256

b06759c84016072b3f0192cdc095305af42bd1afa40353a4220413dc082825b6
SHA512

f9b6c9c9a0d8c57d1d6a54c3c9e300aac3203ddfff00d6bead7b3fa402881686ea51db727b3bd3c3384893628d71273ebbf0416f6e8c5f11d81f24e37ad9f869

Score

10^/10

dridex 10111 botnet cryptone discovery evasion packer trojan

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

81.169.224.222:3389

62.75.168.106:3886

82.165.152.127:3389

rc4.plain

rc4.plain

Targets

- Target
  
  b06759c84016072b3f0192cdc095305af42bd1afa40353a4220413dc082825b6
- Size
  
  1.6MB
- MD5
  
  372dc041ce307882399cf03a4a3ec882
- SHA1
  
  8443ae12e21abdbd21e1d1406fbd8cede146390e
- SHA256
  
  b06759c84016072b3f0192cdc095305af42bd1afa40353a4220413dc082825b6
- SHA512
  
  f9b6c9c9a0d8c57d1d6a54c3c9e300aac3203ddfff00d6bead7b3fa402881686ea51db727b3bd3c3384893628d71273ebbf0416f6e8c5f11d81f24e37ad9f869
Score

10^/10

dridex 10111 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex10111botnetdiscoveryevasiontrojan

behavioral2

dridex10111botnetdiscoveryevasiontrojan