dridex | 714095358df3a4be5f252484972633094b9c7d244ac9df7e3b5035b397aaa27c | Triage

Sharing

General

Target

b9b1a13e7665c31643d700d99137cdca
Size

1.1MB
Sample

240307-z8pkasec56
MD5

b9b1a13e7665c31643d700d99137cdca
SHA1

e74747e4aad55c64cb946bd16b1ca951bd3486c0
SHA256

714095358df3a4be5f252484972633094b9c7d244ac9df7e3b5035b397aaa27c
SHA512

ebb4e9282bb2b058da80c6ea995ccfdd6bb97f2202d895fd462a5284dda37a4070f6f1a63329434d43f19a3ab4d63dec4e9c26bd2cfc971289a0a69fe30cf8f4
SSDEEP

12288:cM+ZdkmHubeaCo6Lga1w2A/sUQBJ8svp:cMcpTo6sg+0BOo

Score

10^/10

dridex 10111 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

177.52.173.20:9043

192.100.170.1:10172

166.62.103.55:7443

rc4.plain

rc4.plain

Targets

- Target
  
  b9b1a13e7665c31643d700d99137cdca
- Size
  
  1.1MB
- MD5
  
  b9b1a13e7665c31643d700d99137cdca
- SHA1
  
  e74747e4aad55c64cb946bd16b1ca951bd3486c0
- SHA256
  
  714095358df3a4be5f252484972633094b9c7d244ac9df7e3b5035b397aaa27c
- SHA512
  
  ebb4e9282bb2b058da80c6ea995ccfdd6bb97f2202d895fd462a5284dda37a4070f6f1a63329434d43f19a3ab4d63dec4e9c26bd2cfc971289a0a69fe30cf8f4
- SSDEEP
  
  12288:cM+ZdkmHubeaCo6Lga1w2A/sUQBJ8svp:cMcpTo6sg+0BOo
Score

10^/10

dridex 10111 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dridex10111botnetdiscoveryevasiontrojan

behavioral2

dridex10111botnetdiscoveryevasiontrojan