dridex | a874a244453f5dcda47c8bb2acf624b4257106a4c46a081343fc08a666103e5b | Triage

Sharing

General

Target

b938c943229df31686338011e8ebdbe1
Size

1.1MB
Sample

240307-vpetjagd22
MD5

b938c943229df31686338011e8ebdbe1
SHA1

3f0c956b4b7cde8b4280dca035b7214a05b88a67
SHA256

a874a244453f5dcda47c8bb2acf624b4257106a4c46a081343fc08a666103e5b
SHA512

9d486b317d3285c2b3486f98581f04deff6d6a989dd532944faddb03bed2e9ef769d7d2ffa0b513ad56ce956b2dfe438a3f57412d3e947acbdfcf28c84519488
SSDEEP

12288:MM+ZdkmHubeaCo6Lga1w2A/sUQBJ8ovp:MMcpTo6sg+0BOs

Score

10^/10

dridex 10111 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

177.52.173.20:9043

192.100.170.1:10172

166.62.103.55:7443

rc4.plain

rc4.plain

Targets

- Target
  
  b938c943229df31686338011e8ebdbe1
- Size
  
  1.1MB
- MD5
  
  b938c943229df31686338011e8ebdbe1
- SHA1
  
  3f0c956b4b7cde8b4280dca035b7214a05b88a67
- SHA256
  
  a874a244453f5dcda47c8bb2acf624b4257106a4c46a081343fc08a666103e5b
- SHA512
  
  9d486b317d3285c2b3486f98581f04deff6d6a989dd532944faddb03bed2e9ef769d7d2ffa0b513ad56ce956b2dfe438a3f57412d3e947acbdfcf28c84519488
- SSDEEP
  
  12288:MM+ZdkmHubeaCo6Lga1w2A/sUQBJ8ovp:MMcpTo6sg+0BOs
Score

10^/10

dridex 10111 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dridex10111botnetdiscoveryevasiontrojan

behavioral2

dridex10111botnetdiscoveryevasiontrojan