dridex | c279d94d48f0b3813fd7f82009898eff9ef38da5229287d79a1e66d066e9752f | Triage

Sharing

General

Target

49127bbe93a13d6292b439e3aad2c8f2_JaffaCakes118
Size

620KB
Sample

240331-behynaah3x
MD5

49127bbe93a13d6292b439e3aad2c8f2
SHA1

7ec2fb1f0e5d513be0c0b1e066c168e7a2034338
SHA256

c279d94d48f0b3813fd7f82009898eff9ef38da5229287d79a1e66d066e9752f
SHA512

ccc559f264da2f32166073b8546f495784b7fc112853730e542cbbe9bcbec5f1b2d8e04f40251ccf5bfc0abe8aa3bdb507fcfce8c81c4aa703de879064a40af5
SSDEEP

12288:7E6rSiH48bs3j09TMmonCh5atbz9+eoQoUZpDd7Da1nX9y1TO/zFZx:ZepB3j0dMZnCutz4zI5xDwXUJm

Score

10^/10

dridex 10222 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10222

C2

174.128.245.202:443

51.83.3.52:13786

69.64.50.41:6602

rc4.plain

rc4.plain

Targets

- Target
  
  49127bbe93a13d6292b439e3aad2c8f2_JaffaCakes118
- Size
  
  620KB
- MD5
  
  49127bbe93a13d6292b439e3aad2c8f2
- SHA1
  
  7ec2fb1f0e5d513be0c0b1e066c168e7a2034338
- SHA256
  
  c279d94d48f0b3813fd7f82009898eff9ef38da5229287d79a1e66d066e9752f
- SHA512
  
  ccc559f264da2f32166073b8546f495784b7fc112853730e542cbbe9bcbec5f1b2d8e04f40251ccf5bfc0abe8aa3bdb507fcfce8c81c4aa703de879064a40af5
- SSDEEP
  
  12288:7E6rSiH48bs3j09TMmonCh5atbz9+eoQoUZpDd7Da1nX9y1TO/zFZx:ZepB3j0dMZnCutz4zI5xDwXUJm
Score

10^/10

dridex 10222 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dridex10222botnetdiscoveryevasiontrojan

behavioral2

dridex10222botnetdiscoveryevasiontrojan