dridex | db8945a793ea1bd94eb1aa3e3e14e84da66b3048f4a86e814e6d0f8dd5c8c276 | Triage

Sharing

General

Target

txs9e9.zip
Size

497KB
Sample

230630-p3g8xsdf8t
MD5

ea17e483833d1d1b26babad280b6f7cd
SHA1

ffd61dddb0607a6a12e9f58b50185be7998f7e39
SHA256

db8945a793ea1bd94eb1aa3e3e14e84da66b3048f4a86e814e6d0f8dd5c8c276
SHA512

7d2add1d53aa7d84ef2e223d5ef8b27ff8f7d5847a27407fed5d0d9cffd3a64bc6ebc41b8b6000d92f077ab7908f940963bdbafe6bb817131dc9ce78d3b2f95e
SSDEEP

6144:AfI9lZeImUv/UCSZbYnwzP5SYLJfQqksIFhPYdlST1TUnryl1jIbByQ+fRWlsK8W:eI/ZeIzkCcYEJJf4hwOBw21od+5O4C

Score

10^/10

dridex 10444 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

178.128.83.165:443

128.199.59.13:8172

110.164.184.226:6516

rc4.plain

rc4.plain

Targets

- Target
  
  txs9e9.zip
- Size
  
  497KB
- MD5
  
  ea17e483833d1d1b26babad280b6f7cd
- SHA1
  
  ffd61dddb0607a6a12e9f58b50185be7998f7e39
- SHA256
  
  db8945a793ea1bd94eb1aa3e3e14e84da66b3048f4a86e814e6d0f8dd5c8c276
- SHA512
  
  7d2add1d53aa7d84ef2e223d5ef8b27ff8f7d5847a27407fed5d0d9cffd3a64bc6ebc41b8b6000d92f077ab7908f940963bdbafe6bb817131dc9ce78d3b2f95e
- SSDEEP
  
  6144:AfI9lZeImUv/UCSZbYnwzP5SYLJfQqksIFhPYdlST1TUnryl1jIbByQ+fRWlsK8W:eI/ZeIzkCcYEJJf4hwOBw21od+5O4C
Score

10^/10

dridex 10444 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex10444botnetdiscoveryevasiontrojan

behavioral2

dridex10444botnetdiscoveryevasiontrojan