dridex | c575bf3f091019dd59dc8b57bde33a285b278dd258a7ed25da243550fa65b7a9 | Triage

Sharing

General

Target

c1e353c1dbeeea50811ea3dfcb83095d
Size

1.1MB
Sample

240311-3jm7qabf87
MD5

c1e353c1dbeeea50811ea3dfcb83095d
SHA1

318dcdb6aaf508ee9746b22a05494d4c5ad67eea
SHA256

c575bf3f091019dd59dc8b57bde33a285b278dd258a7ed25da243550fa65b7a9
SHA512

71c21d4e7d79d107f747863658c45a44047d42832d2c300d3748a682ee19c3d2daa7d067733228188fe047fc635dbec759438a32fa79f7cbae087585a0f15e62
SSDEEP

12288:VM+ZdkmHubeaCo6TRg522A/sUQBJ86vp:VMcpTo6a00BO2

Score

10^/10

dridex 10111 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

176.9.89.122:10172

147.91.31.1:6225

103.30.247.115:7443

rc4.plain

rc4.plain

Targets

- Target
  
  c1e353c1dbeeea50811ea3dfcb83095d
- Size
  
  1.1MB
- MD5
  
  c1e353c1dbeeea50811ea3dfcb83095d
- SHA1
  
  318dcdb6aaf508ee9746b22a05494d4c5ad67eea
- SHA256
  
  c575bf3f091019dd59dc8b57bde33a285b278dd258a7ed25da243550fa65b7a9
- SHA512
  
  71c21d4e7d79d107f747863658c45a44047d42832d2c300d3748a682ee19c3d2daa7d067733228188fe047fc635dbec759438a32fa79f7cbae087585a0f15e62
- SSDEEP
  
  12288:VM+ZdkmHubeaCo6TRg522A/sUQBJ86vp:VMcpTo6a00BO2
Score

10^/10

dridex 10111 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dridex10111botnetdiscoveryevasiontrojan

behavioral2

dridex10111botnetdiscoveryevasiontrojan