dridex | 81a509915d240010326dae2581c7e584304c5a4f0f02d9ed4d9270e4193e83b1 | Triage

Sharing

General

Target

dfbaq8x5.rar
Size

525KB
Sample

220731-fswh5ahfd8
MD5

eb477791471e3b4379f816cbf7bc7a56
SHA1

5ec761e52521bda659646ca1bb5cad605b3a98d3
SHA256

81a509915d240010326dae2581c7e584304c5a4f0f02d9ed4d9270e4193e83b1
SHA512

ed5d38339d0344b664e894fba4d0321b81f472556194f00287b684aa025bcaae210efbfecaa342e83a88d0729f8219950d45f4ebb9096f98f21142b025a6209c

Score

10^/10

dridex 10444 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

169.255.216.36:443

138.201.138.91:3389

89.174.36.41:4643

87.106.89.36:3389

rc4.plain

rc4.plain

Targets

- Target
  
  dfbaq8x5.rar
- Size
  
  525KB
- MD5
  
  eb477791471e3b4379f816cbf7bc7a56
- SHA1
  
  5ec761e52521bda659646ca1bb5cad605b3a98d3
- SHA256
  
  81a509915d240010326dae2581c7e584304c5a4f0f02d9ed4d9270e4193e83b1
- SHA512
  
  ed5d38339d0344b664e894fba4d0321b81f472556194f00287b684aa025bcaae210efbfecaa342e83a88d0729f8219950d45f4ebb9096f98f21142b025a6209c
Score

10^/10

dridex 10444 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex10444botnetdiscoveryevasiontrojan

behavioral2

dridex10444botnet