dridex | 778dd2d54d394b1ac9e11c3fbfab3fe8094bb400fa3b5730e98a1cedfdc11079 | Triage

Sharing

General

Target

15de8e7ee6ac73a70d62be16d256817c
Size

1.1MB
Sample

231225-l3rktabgak
MD5

15de8e7ee6ac73a70d62be16d256817c
SHA1

9b30f949533da651f42b08f6eb787aa5b06fc6bf
SHA256

778dd2d54d394b1ac9e11c3fbfab3fe8094bb400fa3b5730e98a1cedfdc11079
SHA512

359e01f5cea0fea1b88c2d89a62c343f791d3786e222dd7f2696c08ab8f23a79487ecf454ddc4ef358bcb6bb139309d878edb34e2aef13b5cdf34b0d31dc9bd9
SSDEEP

6144:3K6cyPiWCgknQ/HuyIzuTVzsMM56519p+6yTOK1hXzYmYCrQx65fc:3M+ZdkmHubeaCo66JJ5

Score

10^/10

dridex 10111 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

177.185.32.10:8194

178.33.158.180:10172

109.74.50.71:9043

rc4.plain

rc4.plain

Targets

- Target
  
  15de8e7ee6ac73a70d62be16d256817c
- Size
  
  1.1MB
- MD5
  
  15de8e7ee6ac73a70d62be16d256817c
- SHA1
  
  9b30f949533da651f42b08f6eb787aa5b06fc6bf
- SHA256
  
  778dd2d54d394b1ac9e11c3fbfab3fe8094bb400fa3b5730e98a1cedfdc11079
- SHA512
  
  359e01f5cea0fea1b88c2d89a62c343f791d3786e222dd7f2696c08ab8f23a79487ecf454ddc4ef358bcb6bb139309d878edb34e2aef13b5cdf34b0d31dc9bd9
- SSDEEP
  
  6144:3K6cyPiWCgknQ/HuyIzuTVzsMM56519p+6yTOK1hXzYmYCrQx65fc:3M+ZdkmHubeaCo66JJ5
Score

10^/10

dridex 10111 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dridex10111botnetdiscoveryevasiontrojan

behavioral2

dridex10111botnetdiscoveryevasiontrojan