dridex | 97cc04f8101ce385fc0e7ff04a803758a84637902e839c28a8c94371af6d05de | Triage

Sharing

General

Target

97cc04f8101ce385fc0e7ff04a803758a84637902e839c28a8c94371af6d05de
Size

144KB
Sample

221130-sl946abc77
MD5

c5090bafa67afe78305e22066d6bb143
SHA1

dc03cafdf75c9f8bc9ace53ff8c4c1d679886390
SHA256

97cc04f8101ce385fc0e7ff04a803758a84637902e839c28a8c94371af6d05de
SHA512

7a35f02197b6d6023317b8ca4b9a22b0d55b0100521f363d7bc4e4954a0cd4d0f82b1f6ffc230cd6fa4e920faa41b183d250e70c003da68f5a84761439b85828
SSDEEP

3072:AU/o05iRZ5tLSApM4WKTdxARD1dmfrw7blYMS/oMQGRdRtssgnFzazAZzupXeqdt:fQ05KZ5tLS6ARD1dcVMS/zQGPRtEFzlm

Score

10^/10

dridex botnet evasion trojan

Malware Config

Extracted

Family

dridex

C2

216.189.150.181:443

142.4.198.252:3389

216.98.148.156:1801

37.59.1.74:3389

Targets

- Target
  
  97cc04f8101ce385fc0e7ff04a803758a84637902e839c28a8c94371af6d05de
- Size
  
  144KB
- MD5
  
  c5090bafa67afe78305e22066d6bb143
- SHA1
  
  dc03cafdf75c9f8bc9ace53ff8c4c1d679886390
- SHA256
  
  97cc04f8101ce385fc0e7ff04a803758a84637902e839c28a8c94371af6d05de
- SHA512
  
  7a35f02197b6d6023317b8ca4b9a22b0d55b0100521f363d7bc4e4954a0cd4d0f82b1f6ffc230cd6fa4e920faa41b183d250e70c003da68f5a84761439b85828
- SSDEEP
  
  3072:AU/o05iRZ5tLSApM4WKTdxARD1dmfrw7blYMS/oMQGRdRtssgnFzazAZzupXeqdt:fQ05KZ5tLS6ARD1dcVMS/zQGPRtEFzlm
Score

10^/10

dridex botnet evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

dridexbotnetevasiontrojan