dridex | b585a54184f3c933f4e0e38cadec4ada8950278bbdf69970b6f1539865772e36 | Triage

Sharing

General

Target

bea4379c47f02f88e77a690879a0d323
Size

620KB
Sample

231220-q8qb6afee5
MD5

bea4379c47f02f88e77a690879a0d323
SHA1

d82c912a86a5ebedede1015cf0b814b2711e75a7
SHA256

b585a54184f3c933f4e0e38cadec4ada8950278bbdf69970b6f1539865772e36
SHA512

ca5841bab2f75ea13b1f8513cf9740cd7a2e60f401bd6425155711a2df0c697db4051298d9a51493011a65f3f6e4ca00ab82f51e3679424b0fbb0662a465af93
SSDEEP

12288:4E6rSiY4Gbs3j09TMmonCh5atbz9+eoQoUZpDd7Da1nX9y1RO/zFZx:ee6z3j0dMZnCutz4zI5xDwXU3m

Score

10^/10

dridex 10222 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10222

C2

174.128.245.202:443

51.83.3.52:13786

69.64.50.41:6602

rc4.plain

rc4.plain

Targets

- Target
  
  bea4379c47f02f88e77a690879a0d323
- Size
  
  620KB
- MD5
  
  bea4379c47f02f88e77a690879a0d323
- SHA1
  
  d82c912a86a5ebedede1015cf0b814b2711e75a7
- SHA256
  
  b585a54184f3c933f4e0e38cadec4ada8950278bbdf69970b6f1539865772e36
- SHA512
  
  ca5841bab2f75ea13b1f8513cf9740cd7a2e60f401bd6425155711a2df0c697db4051298d9a51493011a65f3f6e4ca00ab82f51e3679424b0fbb0662a465af93
- SSDEEP
  
  12288:4E6rSiY4Gbs3j09TMmonCh5atbz9+eoQoUZpDd7Da1nX9y1RO/zFZx:ee6z3j0dMZnCutz4zI5xDwXU3m
Score

10^/10

dridex 10222 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dridex10222botnetdiscoveryevasiontrojan

behavioral2

dridex10222botnetdiscoveryevasiontrojan