dridex | 00eb0f3c0b60125036e69011978da38f45ffbda1c3b256857f84c27e916c9c07 | Triage

Sharing

General

Target

17872fcbd429c48374b19640a9148a37
Size

1.1MB
Sample

231230-nyz3habahj
MD5

17872fcbd429c48374b19640a9148a37
SHA1

aef77b3bd2fcbbec31f219dfc7c81e7d1a4ca955
SHA256

00eb0f3c0b60125036e69011978da38f45ffbda1c3b256857f84c27e916c9c07
SHA512

18da0de33a903c1b3f82477d16aeebfa89368aa0bc4d928910f168dc786af237f33066c5e6ce6167c93e34ea0c26e4f798b9d6ea3ec7730215028a66aa5cee81
SSDEEP

12288:YM+ZdkmHubeaCo6Lga1w2A/sUQBJ88vp:YMcpTo6sg+0BOY

Score

10^/10

dridex 10111 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

177.52.173.20:9043

192.100.170.1:10172

166.62.103.55:7443

rc4.plain

rc4.plain

Targets

- Target
  
  17872fcbd429c48374b19640a9148a37
- Size
  
  1.1MB
- MD5
  
  17872fcbd429c48374b19640a9148a37
- SHA1
  
  aef77b3bd2fcbbec31f219dfc7c81e7d1a4ca955
- SHA256
  
  00eb0f3c0b60125036e69011978da38f45ffbda1c3b256857f84c27e916c9c07
- SHA512
  
  18da0de33a903c1b3f82477d16aeebfa89368aa0bc4d928910f168dc786af237f33066c5e6ce6167c93e34ea0c26e4f798b9d6ea3ec7730215028a66aa5cee81
- SSDEEP
  
  12288:YM+ZdkmHubeaCo6Lga1w2A/sUQBJ88vp:YMcpTo6sg+0BOY
Score

10^/10

dridex 10111 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dridex10111botnetdiscoveryevasiontrojan

behavioral2

dridex10111botnetdiscoveryevasiontrojan