dridex | 8a47bb3a1987425ac99f81c7a307a30a22f6200782dec8b3cbf2ce825d322c39 | Triage

Sharing

General

Target

e3e9f5f3aa0585c01b6230dd40c977d5
Size

620KB
Sample

231220-tpazxagfdn
MD5

e3e9f5f3aa0585c01b6230dd40c977d5
SHA1

d32e950bac24e56740615ee9f3f86c369812502c
SHA256

8a47bb3a1987425ac99f81c7a307a30a22f6200782dec8b3cbf2ce825d322c39
SHA512

6858855fa691cfd1a9968df48636ab4f9d78505a0e6d03c2f49157ff16eb17622d60073cd9246f3e4f98157d3a729ed139ce442f150096bcaa95520109666f7c
SSDEEP

12288:EE6rSi54cbs3j09TMmonCh5atbz9+eoQoUZpDd7Da1nX9y1HO/zFZx:qe/h3j0dMZnCutz4zI5xDwXUpm

Score

10^/10

dridex 10222 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10222

C2

174.128.245.202:443

51.83.3.52:13786

69.64.50.41:6602

rc4.plain

rc4.plain

Targets

- Target
  
  e3e9f5f3aa0585c01b6230dd40c977d5
- Size
  
  620KB
- MD5
  
  e3e9f5f3aa0585c01b6230dd40c977d5
- SHA1
  
  d32e950bac24e56740615ee9f3f86c369812502c
- SHA256
  
  8a47bb3a1987425ac99f81c7a307a30a22f6200782dec8b3cbf2ce825d322c39
- SHA512
  
  6858855fa691cfd1a9968df48636ab4f9d78505a0e6d03c2f49157ff16eb17622d60073cd9246f3e4f98157d3a729ed139ce442f150096bcaa95520109666f7c
- SSDEEP
  
  12288:EE6rSi54cbs3j09TMmonCh5atbz9+eoQoUZpDd7Da1nX9y1HO/zFZx:qe/h3j0dMZnCutz4zI5xDwXUpm
Score

10^/10

dridex 10222 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dridex10222botnetdiscoveryevasiontrojan

behavioral2

dridex10222botnetdiscoveryevasiontrojan