dridex | 4d94e3ec253f0dd2ebece15d45c9fde03065db16ea809827fe03f78ae6113a1a | Triage

Sharing

General

Target

b53c6818f6b164458947830eef8b5488
Size

1.1MB
Sample

240305-vvd47ada75
MD5

b53c6818f6b164458947830eef8b5488
SHA1

4b6a28076343035c6f07cd50851a91f96058c97e
SHA256

4d94e3ec253f0dd2ebece15d45c9fde03065db16ea809827fe03f78ae6113a1a
SHA512

8206291943e677ab4b4c90b83c3c5724ccf7182c228334a062595eef9425ee7e67d5b0ce5daaee1849dc4d24aa4dfa4a11e7883927efc6bf3fcb45c81ed4ca4e
SSDEEP

12288:BM+ZdkmHubeaCo6Lga1w2A/sUQBJ8Avp:BMcpTo6sg+0BOU

Score

10^/10

dridex 10111 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

177.52.173.20:9043

192.100.170.1:10172

166.62.103.55:7443

rc4.plain

rc4.plain

Targets

- Target
  
  b53c6818f6b164458947830eef8b5488
- Size
  
  1.1MB
- MD5
  
  b53c6818f6b164458947830eef8b5488
- SHA1
  
  4b6a28076343035c6f07cd50851a91f96058c97e
- SHA256
  
  4d94e3ec253f0dd2ebece15d45c9fde03065db16ea809827fe03f78ae6113a1a
- SHA512
  
  8206291943e677ab4b4c90b83c3c5724ccf7182c228334a062595eef9425ee7e67d5b0ce5daaee1849dc4d24aa4dfa4a11e7883927efc6bf3fcb45c81ed4ca4e
- SSDEEP
  
  12288:BM+ZdkmHubeaCo6Lga1w2A/sUQBJ8Avp:BMcpTo6sg+0BOU
Score

10^/10

dridex 10111 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dridex10111botnetdiscoveryevasiontrojan

behavioral2

dridex10111botnetdiscoveryevasiontrojan