dridex | 58ba5d9a1aabce238b67556467288e23982896f542f2f3d5acabb3d757a614be | Triage

Sharing

General

Target

61bfa4d1d5a1d8a60e5487f7049bd440
Size

1.1MB
Sample

231226-kxcn2aeaf2
MD5

61bfa4d1d5a1d8a60e5487f7049bd440
SHA1

72eecbcafdaafd3d2ab5bdcbde95b08916ca7141
SHA256

58ba5d9a1aabce238b67556467288e23982896f542f2f3d5acabb3d757a614be
SHA512

e521bad30c54b2340c052fad0b3c4a9b9ab63940bef5fd66bf8694575e3c1158019289b96c9d7276e7e5f0f08fab4d9f9f46574989b4dbc65b4d3d632c42d56a
SSDEEP

6144:KK6cyPiWCgknQ/HuyIzuTVzsMM56519p+6yT1+ga1td0HZOUlcROfc:KM+ZdkmHubeaCo6Lga1QHZbOO

Score

10^/10

dridex 10111 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

177.52.173.20:9043

192.100.170.1:10172

166.62.103.55:7443

rc4.plain

rc4.plain

Targets

- Target
  
  61bfa4d1d5a1d8a60e5487f7049bd440
- Size
  
  1.1MB
- MD5
  
  61bfa4d1d5a1d8a60e5487f7049bd440
- SHA1
  
  72eecbcafdaafd3d2ab5bdcbde95b08916ca7141
- SHA256
  
  58ba5d9a1aabce238b67556467288e23982896f542f2f3d5acabb3d757a614be
- SHA512
  
  e521bad30c54b2340c052fad0b3c4a9b9ab63940bef5fd66bf8694575e3c1158019289b96c9d7276e7e5f0f08fab4d9f9f46574989b4dbc65b4d3d632c42d56a
- SSDEEP
  
  6144:KK6cyPiWCgknQ/HuyIzuTVzsMM56519p+6yT1+ga1td0HZOUlcROfc:KM+ZdkmHubeaCo6Lga1QHZbOO
Score

10^/10

dridex 10111 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex10111botnetdiscoveryevasiontrojan

behavioral2