dridex | 73562995da440814358a0b806926237909a06cb138ba73687d29d8478cbce54c | Triage

Sharing

General

Target

3be82934e87d92a76ff497ef0e701127
Size

1.1MB
Sample

231225-zfhlaaccb2
MD5

3be82934e87d92a76ff497ef0e701127
SHA1

55c4a5b82305dcc8b119e94156eecbf1f05cb95d
SHA256

73562995da440814358a0b806926237909a06cb138ba73687d29d8478cbce54c
SHA512

60df6b18edd8cc2cb20a6c2ecdaf80466fa96b1bd76baadaa1d9d58b5da4134d011515c52368dc24a561e34e69b84c97a212ec8202e53d51c0994ef5a6cec4d9
SSDEEP

6144:oK6cyPiWCgknQ/HuyIzuTVzsMM56519p+6yT1+ga1td0HZOUlcR0fc:oM+ZdkmHubeaCo6Lga1QHZbO0

Score

10^/10

dridex 10111 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

177.52.173.20:9043

192.100.170.1:10172

166.62.103.55:7443

rc4.plain

rc4.plain

Targets

- Target
  
  3be82934e87d92a76ff497ef0e701127
- Size
  
  1.1MB
- MD5
  
  3be82934e87d92a76ff497ef0e701127
- SHA1
  
  55c4a5b82305dcc8b119e94156eecbf1f05cb95d
- SHA256
  
  73562995da440814358a0b806926237909a06cb138ba73687d29d8478cbce54c
- SHA512
  
  60df6b18edd8cc2cb20a6c2ecdaf80466fa96b1bd76baadaa1d9d58b5da4134d011515c52368dc24a561e34e69b84c97a212ec8202e53d51c0994ef5a6cec4d9
- SSDEEP
  
  6144:oK6cyPiWCgknQ/HuyIzuTVzsMM56519p+6yT1+ga1td0HZOUlcR0fc:oM+ZdkmHubeaCo6Lga1QHZbO0
Score

10^/10

dridex 10111 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dridex10111botnetdiscoveryevasiontrojan

behavioral2

dridex10111botnetdiscoveryevasiontrojan