dridex | 4f1c3b591cf3ca66a4e87195b4ba1c4db325fd07c3a2d210ae4d8146da6df40b | Triage

Sharing

General

Target

d1c87b22c098c4e5550d65dc92740ba3
Size

1.1MB
Sample

240317-y5x7laff9y
MD5

d1c87b22c098c4e5550d65dc92740ba3
SHA1

96089fa64ae24502b503e480232f1f360986e6ce
SHA256

4f1c3b591cf3ca66a4e87195b4ba1c4db325fd07c3a2d210ae4d8146da6df40b
SHA512

760f30c2543e3874e2c1e3f9ca60abe57c240913e8e3b987e761e15478ac300a07f5723658e609da4af7ee27bb0e78e5e5b4f7f3f5e5591083f5db6ae3e79eed
SSDEEP

12288:wM+ZdkmHubeaCo6Lga1w2A/sUQBJ80vp:wMcpTo6sg+0BOg

Score

10^/10

dridex 10111 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

177.52.173.20:9043

192.100.170.1:10172

166.62.103.55:7443

rc4.plain

rc4.plain

Targets

- Target
  
  d1c87b22c098c4e5550d65dc92740ba3
- Size
  
  1.1MB
- MD5
  
  d1c87b22c098c4e5550d65dc92740ba3
- SHA1
  
  96089fa64ae24502b503e480232f1f360986e6ce
- SHA256
  
  4f1c3b591cf3ca66a4e87195b4ba1c4db325fd07c3a2d210ae4d8146da6df40b
- SHA512
  
  760f30c2543e3874e2c1e3f9ca60abe57c240913e8e3b987e761e15478ac300a07f5723658e609da4af7ee27bb0e78e5e5b4f7f3f5e5591083f5db6ae3e79eed
- SSDEEP
  
  12288:wM+ZdkmHubeaCo6Lga1w2A/sUQBJ80vp:wMcpTo6sg+0BOg
Score

10^/10

dridex 10111 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dridex10111botnetdiscoveryevasiontrojan

behavioral2

dridex10111botnetdiscoveryevasiontrojan