dridex | ad5bf01a3744de1a28e149626379e8cadbce9a2526ffde4ef3faed337657aa5f | Triage

Sharing

General

Target

c1299d1ed8287bf9e38611ccb64b6e69
Size

1.1MB
Sample

240311-vwa4xshb7x
MD5

c1299d1ed8287bf9e38611ccb64b6e69
SHA1

fce6bbe6f32aebec96d4cefda498ea1f6c61c2f1
SHA256

ad5bf01a3744de1a28e149626379e8cadbce9a2526ffde4ef3faed337657aa5f
SHA512

dd952bc9f461305c001cd9fab63a75b48f2041bc3d1539ae1d8e7eaff3b123de3406f82f8b52a884982656bd6816a5857d072b55a83010dc9f1e4ac19d75022f
SSDEEP

12288:8M+ZdkmHubeaCo6Lga1w2A/sUQBJ8Avp:8McpTo6sg+0BOU

Score

10^/10

dridex 10111 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

177.52.173.20:9043

192.100.170.1:10172

166.62.103.55:7443

rc4.plain

rc4.plain

Targets

- Target
  
  c1299d1ed8287bf9e38611ccb64b6e69
- Size
  
  1.1MB
- MD5
  
  c1299d1ed8287bf9e38611ccb64b6e69
- SHA1
  
  fce6bbe6f32aebec96d4cefda498ea1f6c61c2f1
- SHA256
  
  ad5bf01a3744de1a28e149626379e8cadbce9a2526ffde4ef3faed337657aa5f
- SHA512
  
  dd952bc9f461305c001cd9fab63a75b48f2041bc3d1539ae1d8e7eaff3b123de3406f82f8b52a884982656bd6816a5857d072b55a83010dc9f1e4ac19d75022f
- SSDEEP
  
  12288:8M+ZdkmHubeaCo6Lga1w2A/sUQBJ8Avp:8McpTo6sg+0BOU
Score

10^/10

dridex 10111 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dridex10111botnetdiscoveryevasiontrojan

behavioral2

dridex10111botnetdiscoveryevasiontrojan