dridex | 5420eb082520696d2374df7916cdb8ccb9ae1c6add26a330c71fd33d6d8bafce | Triage

Sharing

General

Target

5420eb082520696d2374df7916cdb8ccb9ae1c6add26a330c71fd33d6d8bafce
Size

136KB
Sample

220725-yzf15ahegl
MD5

0da16fd48afb99a9fed48abff0268e98
SHA1

5785c48119e74ba3db8a64ef2bd03f88280c75bf
SHA256

5420eb082520696d2374df7916cdb8ccb9ae1c6add26a330c71fd33d6d8bafce
SHA512

7d32b0751bcb4e217ee79fbf0d16b93064813c98a6b7c724c0751af9cd2864f923f580319c9e5644d81c28a4e179b2afb0dcaecfffc3abf637da2671ad292b31

Score

10^/10

dridex botnet evasion trojan

Malware Config

Extracted

Family

dridex

C2

64.87.26.17:443

192.241.220.155:1801

142.4.198.252:3389

216.98.148.156:1801

Targets

- Target
  
  5420eb082520696d2374df7916cdb8ccb9ae1c6add26a330c71fd33d6d8bafce
- Size
  
  136KB
- MD5
  
  0da16fd48afb99a9fed48abff0268e98
- SHA1
  
  5785c48119e74ba3db8a64ef2bd03f88280c75bf
- SHA256
  
  5420eb082520696d2374df7916cdb8ccb9ae1c6add26a330c71fd33d6d8bafce
- SHA512
  
  7d32b0751bcb4e217ee79fbf0d16b93064813c98a6b7c724c0751af9cd2864f923f580319c9e5644d81c28a4e179b2afb0dcaecfffc3abf637da2671ad292b31
Score

10^/10

dridex botnet evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

dridexbotnetevasiontrojan