dridex | 5bc5e163eb9c79c7fec76b1adc04d74460bbd2d0897fdd76af282baa5b07b442 | Triage

Sharing

General

Target

a6675792881b4b4d9376865e392579a7
Size

664KB
Sample

231219-1dzmfsgafq
MD5

a6675792881b4b4d9376865e392579a7
SHA1

cd349d7f23e7726cf41e9d7d211e4a21f065c884
SHA256

5bc5e163eb9c79c7fec76b1adc04d74460bbd2d0897fdd76af282baa5b07b442
SHA512

1a37a1b75c02c5bc7a21427df06a4d779741269e1d589bb2e90bf875f6ecbc364dfd0c7b95ee3af98c1cda4cc7bd11179ff4aa895bf3b6499817044f1b553778
SSDEEP

12288:A/0Qzqf0eui48+M+6TFKywVt6PbEYU0eyJTT/Mu9oV01ugoaEP:u0zhuZn6TFKywvCbEOxDMu9oykaEP

Score

10^/10

dridex 10222 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10222

C2

174.128.245.202:443

51.83.3.52:13786

69.64.50.41:6602

rc4.plain

rc4.plain

Targets

- Target
  
  a6675792881b4b4d9376865e392579a7
- Size
  
  664KB
- MD5
  
  a6675792881b4b4d9376865e392579a7
- SHA1
  
  cd349d7f23e7726cf41e9d7d211e4a21f065c884
- SHA256
  
  5bc5e163eb9c79c7fec76b1adc04d74460bbd2d0897fdd76af282baa5b07b442
- SHA512
  
  1a37a1b75c02c5bc7a21427df06a4d779741269e1d589bb2e90bf875f6ecbc364dfd0c7b95ee3af98c1cda4cc7bd11179ff4aa895bf3b6499817044f1b553778
- SSDEEP
  
  12288:A/0Qzqf0eui48+M+6TFKywVt6PbEYU0eyJTT/Mu9oV01ugoaEP:u0zhuZn6TFKywvCbEOxDMu9oykaEP
Score

10^/10

dridex 10222 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dridex10222botnetdiscoveryevasiontrojan

behavioral2

dridex10222botnetdiscoveryevasiontrojan