dridex | 7f633f4268ead90625f72fc5e2ef96d6baedccb153faa873d6f32d105fb7ee98 | Triage

Sharing

General

Target

af2859a5206b7d5296d4b1d034020b87
Size

1.1MB
Sample

240229-wzh5dagg3s
MD5

af2859a5206b7d5296d4b1d034020b87
SHA1

d2c388cd83e8d6670a50d27a5ba692d1abb08ac9
SHA256

7f633f4268ead90625f72fc5e2ef96d6baedccb153faa873d6f32d105fb7ee98
SHA512

bc50e632a695c2f0c7817f0a615508ba83832fd67d6334564fa88f46e447c13ad59ea2f2bd28609da52fc95bc1c2ba7e23857d9e20e6714f2de06d1ef2b03d61
SSDEEP

6144:eK6cyPiWCgknQ/HuyIzuTVzsMM56519p+6yT1+ga1td0HZOUlcRefc:eM+ZdkmHubeaCo6Lga1QHZbOe

Score

10^/10

dridex 10111 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

177.52.173.20:9043

192.100.170.1:10172

166.62.103.55:7443

rc4.plain

rc4.plain

Targets

- Target
  
  af2859a5206b7d5296d4b1d034020b87
- Size
  
  1.1MB
- MD5
  
  af2859a5206b7d5296d4b1d034020b87
- SHA1
  
  d2c388cd83e8d6670a50d27a5ba692d1abb08ac9
- SHA256
  
  7f633f4268ead90625f72fc5e2ef96d6baedccb153faa873d6f32d105fb7ee98
- SHA512
  
  bc50e632a695c2f0c7817f0a615508ba83832fd67d6334564fa88f46e447c13ad59ea2f2bd28609da52fc95bc1c2ba7e23857d9e20e6714f2de06d1ef2b03d61
- SSDEEP
  
  6144:eK6cyPiWCgknQ/HuyIzuTVzsMM56519p+6yT1+ga1td0HZOUlcRefc:eM+ZdkmHubeaCo6Lga1QHZbOe
Score

10^/10

dridex 10111 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dridex10111botnetdiscoveryevasiontrojan

behavioral2

dridex10111botnetdiscoveryevasiontrojan