dridex | 13c5b33339522f8f96d091708e7a8a64b0939daa6225732352fbe44cb2950e67 | Triage

Sharing

General

Target

13c5b33339522f8f96d091708e7a8a64b0939daa6225732352fbe44cb2950e67.exe
Size

228KB
Sample

220830-yxr1lsgceq
MD5

07b0ce2dd0370392eedb0fc161c99dc7
SHA1

abf30fe414f07060b95e49034f05f3e4698d71d8
SHA256

13c5b33339522f8f96d091708e7a8a64b0939daa6225732352fbe44cb2950e67
SHA512

cada09b81bb4d065d27b9293e5a87a04735b279f48fef22f0ea7e5c94af91798dd257d356585b3e71735e90288a364b38831071f5443a61fd29677fd4f1a907d
SSDEEP

3072:2OiQhEurPRvwXXgtxshEo8bXBkAPz/oEqlDq1vnPMqDPeyw+shR39BqWk:2Oi4EQSXWxsaxhrQ5lsXwj

Score

10^/10

dridex botnet evasion trojan

Malware Config

Extracted

Family

dridex

C2

107.191.111.143:443

91.235.129.113:443

185.16.41.224:443

Targets

- Target
  
  13c5b33339522f8f96d091708e7a8a64b0939daa6225732352fbe44cb2950e67.exe
- Size
  
  228KB
- MD5
  
  07b0ce2dd0370392eedb0fc161c99dc7
- SHA1
  
  abf30fe414f07060b95e49034f05f3e4698d71d8
- SHA256
  
  13c5b33339522f8f96d091708e7a8a64b0939daa6225732352fbe44cb2950e67
- SHA512
  
  cada09b81bb4d065d27b9293e5a87a04735b279f48fef22f0ea7e5c94af91798dd257d356585b3e71735e90288a364b38831071f5443a61fd29677fd4f1a907d
- SSDEEP
  
  3072:2OiQhEurPRvwXXgtxshEo8bXBkAPz/oEqlDq1vnPMqDPeyw+shR39BqWk:2Oi4EQSXWxsaxhrQ5lsXwj
Score

10^/10

dridex botnet evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Deletes itself
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridexbotnetevasiontrojan

behavioral2

dridexbotnetevasiontrojan