dridex | 11a796292aced5a713251ae6da4329fc6bea7b6e843a8ae493c7db4a2a862181 | Triage

Sharing

General

Target

9d6d2e3d5cd27fcec3a875c7cf8b7062
Size

620KB
Sample

231219-ztkmssahgm
MD5

9d6d2e3d5cd27fcec3a875c7cf8b7062
SHA1

d7421db843961ca54c296b79cc2e78aa14ea79aa
SHA256

11a796292aced5a713251ae6da4329fc6bea7b6e843a8ae493c7db4a2a862181
SHA512

a79ef4024f74b0ba9591648427135e2b5a46ed0aa9caed39f756971599370fa7113775c9603d526c73c0c6fecc33dd7fa589c7bb52a51b44ca2bd2698efa539b
SSDEEP

12288:SE6rSip4Ybs3j09TMmonCh5atbz9+eoQoUZpDd7Da1nX9y1DO/zFZx:YeL93j0dMZnCutz4zI5xDwXUNm

Score

10^/10

dridex 10222 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10222

C2

174.128.245.202:443

51.83.3.52:13786

69.64.50.41:6602

rc4.plain

rc4.plain

Targets

- Target
  
  9d6d2e3d5cd27fcec3a875c7cf8b7062
- Size
  
  620KB
- MD5
  
  9d6d2e3d5cd27fcec3a875c7cf8b7062
- SHA1
  
  d7421db843961ca54c296b79cc2e78aa14ea79aa
- SHA256
  
  11a796292aced5a713251ae6da4329fc6bea7b6e843a8ae493c7db4a2a862181
- SHA512
  
  a79ef4024f74b0ba9591648427135e2b5a46ed0aa9caed39f756971599370fa7113775c9603d526c73c0c6fecc33dd7fa589c7bb52a51b44ca2bd2698efa539b
- SSDEEP
  
  12288:SE6rSip4Ybs3j09TMmonCh5atbz9+eoQoUZpDd7Da1nX9y1DO/zFZx:YeL93j0dMZnCutz4zI5xDwXUNm
Score

10^/10

dridex 10222 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex10222botnetdiscoveryevasiontrojan

behavioral2

dridex10222botnetdiscoveryevasiontrojan