dridex | 68bb059983655c657e51f7c45b5f534c36b5382e2ae52eb8aeca5a8bdfbbffbe | Triage

Sharing

General

Target

4c4cdbb1b93fa8f9192d033e75c47a15
Size

1.1MB
Sample

231226-csg4yshfc6
MD5

4c4cdbb1b93fa8f9192d033e75c47a15
SHA1

0514afd0613bd09b3c348483cc214d2ef7c17887
SHA256

68bb059983655c657e51f7c45b5f534c36b5382e2ae52eb8aeca5a8bdfbbffbe
SHA512

e646e166ad88136195bf2f51ed9dd5afa4d2ddeac5a8ee5ae34b4273e500dfb09740207a27c5c771de86b5fbafd0da9d17ce2d2bb47deb1a3960f78b9939069a
SSDEEP

6144:bK6cyPiWCgknQ/HuyIzuTVzsMM56519p+6yTOK1hXzYmYCrQx6Zfc:bM+ZdkmHubeaCo66JJZ

Score

10^/10

dridex 10111 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

177.185.32.10:8194

178.33.158.180:10172

109.74.50.71:9043

rc4.plain

rc4.plain

Targets

- Target
  
  4c4cdbb1b93fa8f9192d033e75c47a15
- Size
  
  1.1MB
- MD5
  
  4c4cdbb1b93fa8f9192d033e75c47a15
- SHA1
  
  0514afd0613bd09b3c348483cc214d2ef7c17887
- SHA256
  
  68bb059983655c657e51f7c45b5f534c36b5382e2ae52eb8aeca5a8bdfbbffbe
- SHA512
  
  e646e166ad88136195bf2f51ed9dd5afa4d2ddeac5a8ee5ae34b4273e500dfb09740207a27c5c771de86b5fbafd0da9d17ce2d2bb47deb1a3960f78b9939069a
- SSDEEP
  
  6144:bK6cyPiWCgknQ/HuyIzuTVzsMM56519p+6yTOK1hXzYmYCrQx6Zfc:bM+ZdkmHubeaCo66JJZ
Score

10^/10

dridex 10111 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dridex10111botnetdiscoveryevasiontrojan

behavioral2