dridex | cf4274091b36b7439231891e5b2268db1049442a950160302415902567867d9f | Triage

Sharing

General

Target

13c5b33339522f8f96d091708e7a8a64b0939daa6225732352fbe44cb2950e67.zip
Size

131KB
Sample

230310-m4spyada66
MD5

854e816a678239cc4ba2c2d3f197c518
SHA1

48370b11c4e6b8d30114be613dede25628d16f54
SHA256

cf4274091b36b7439231891e5b2268db1049442a950160302415902567867d9f
SHA512

eecc10fb4acd1b44391c71f599535e4e354882c391e5fbdeb5a94609994dda982f71499597b664dc5594cfca416f8d81a31c77710573be62a1ccc9c0fcffac5e
SSDEEP

3072:GHtLq7txXldO+cy5sS5uHPh9Shz/2AX7ACICsZcR2kqXlq0160IDN:qtu7GDS6XmCAX7TICsZ5lqGgDN

Score

10^/10

dridex botnet evasion trojan

Malware Config

Extracted

Family

dridex

C2

107.191.111.143:443

91.235.129.113:443

185.16.41.224:443

Targets

- Target
  
  13c5b33339522f8f96d091708e7a8a64b0939daa6225732352fbe44cb2950e67.exe
- Size
  
  228KB
- MD5
  
  07b0ce2dd0370392eedb0fc161c99dc7
- SHA1
  
  abf30fe414f07060b95e49034f05f3e4698d71d8
- SHA256
  
  13c5b33339522f8f96d091708e7a8a64b0939daa6225732352fbe44cb2950e67
- SHA512
  
  cada09b81bb4d065d27b9293e5a87a04735b279f48fef22f0ea7e5c94af91798dd257d356585b3e71735e90288a364b38831071f5443a61fd29677fd4f1a907d
- SSDEEP
  
  3072:2OiQhEurPRvwXXgtxshEo8bXBkAPz/oEqlDq1vnPMqDPeyw+shR39BqWk:2Oi4EQSXWxsaxhrQ5lsXwj
Score

10^/10

dridex botnet evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Deletes itself
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridexbotnetevasiontrojan

behavioral2

dridexbotnetevasiontrojan