dridex | a2d1f5f4f95e58299482eaecf9f0147e59df1e8f29660757a4ecd7cf21daf1ca | Triage

Sharing

General

Target

ae9f19e94d08e0c4a2ba07c7fcbcc905
Size

1.1MB
Sample

240229-qp3hdaad21
MD5

ae9f19e94d08e0c4a2ba07c7fcbcc905
SHA1

33f4010701b2328ec54a0bb9f26114bc2905f0d8
SHA256

a2d1f5f4f95e58299482eaecf9f0147e59df1e8f29660757a4ecd7cf21daf1ca
SHA512

e0ee816b0b652a70a7ba2ad9d3ed5dcdce8b35551be4ccbc70eda92db1aa6f52589d156a66226a55d949a430c192222be1bdca9f75fbc400b6e69fabb1690d62
SSDEEP

12288:EM+ZdkmHubeaCo6Lga1w2A/sUQBJ8cvp:EMcpTo6sg+0BO4

Score

10^/10

dridex 10111 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

177.52.173.20:9043

192.100.170.1:10172

166.62.103.55:7443

rc4.plain

rc4.plain

Targets

- Target
  
  ae9f19e94d08e0c4a2ba07c7fcbcc905
- Size
  
  1.1MB
- MD5
  
  ae9f19e94d08e0c4a2ba07c7fcbcc905
- SHA1
  
  33f4010701b2328ec54a0bb9f26114bc2905f0d8
- SHA256
  
  a2d1f5f4f95e58299482eaecf9f0147e59df1e8f29660757a4ecd7cf21daf1ca
- SHA512
  
  e0ee816b0b652a70a7ba2ad9d3ed5dcdce8b35551be4ccbc70eda92db1aa6f52589d156a66226a55d949a430c192222be1bdca9f75fbc400b6e69fabb1690d62
- SSDEEP
  
  12288:EM+ZdkmHubeaCo6Lga1w2A/sUQBJ8cvp:EMcpTo6sg+0BO4
Score

10^/10

dridex 10111 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dridex10111botnetdiscoveryevasiontrojan

behavioral2

dridex10111botnetdiscoveryevasiontrojan