dridex | 79a3a7441a371606291f8bd47216a503b27a38ec61ba7604c9ba2597a54cc3d8 | Triage

Sharing

General

Target

n9h1k9gwt.gif
Size

518KB
Sample

230630-p34f6acf76
MD5

831c361b1f54a876c98fb6bf3cd5d688
SHA1

7a891d8553c874a3803df6a6a6436860e5d0de41
SHA256

79a3a7441a371606291f8bd47216a503b27a38ec61ba7604c9ba2597a54cc3d8
SHA512

d3e7d49e46ce0aa0d0675471b73ef2f2a5a2772fc57584db24d75259c4e5545a89c4b8506700e552aaf3727673353e9e035924c8beac61462616020097fb9ce1
SSDEEP

12288:JJfxk+9K4aDYDsnYE2IcZooZ9IumIzsv5H:hk+BWYB73i

Score

10^/10

dridex 10444 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

94.126.8.2:443

37.187.161.206:33443

209.59.199.129:4443

157.245.130.146:3786

rc4.plain

rc4.plain

Targets

- Target
  
  n9h1k9gwt.gif
- Size
  
  518KB
- MD5
  
  831c361b1f54a876c98fb6bf3cd5d688
- SHA1
  
  7a891d8553c874a3803df6a6a6436860e5d0de41
- SHA256
  
  79a3a7441a371606291f8bd47216a503b27a38ec61ba7604c9ba2597a54cc3d8
- SHA512
  
  d3e7d49e46ce0aa0d0675471b73ef2f2a5a2772fc57584db24d75259c4e5545a89c4b8506700e552aaf3727673353e9e035924c8beac61462616020097fb9ce1
- SSDEEP
  
  12288:JJfxk+9K4aDYDsnYE2IcZooZ9IumIzsv5H:hk+BWYB73i
Score

10^/10

dridex 10444 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

dridex10444botnetdiscoveryevasiontrojan