dridex | 3fd6a0b667270f85b4d929748b6b32d1ecb65d01fc0e3cec4bbc025452530f07 | Triage

Sharing

General

Target

885fdb11664be585ed74185fe466975d_JaffaCakes118
Size

604KB
Sample

240402-k1pg1acd7z
MD5

885fdb11664be585ed74185fe466975d
SHA1

0d915de1e4139437eea0b6bcc7dae6c9f188adeb
SHA256

3fd6a0b667270f85b4d929748b6b32d1ecb65d01fc0e3cec4bbc025452530f07
SHA512

8d7f99bc132155288a103125a95bc5c8b2977531809c47180bef1766cde1256749c653574e366f5657f1b2fa0000cc594e7424a0d7c6c6d7681231748ae63986
SSDEEP

12288:YuIBo9wMtjp4CqwqyaXPLAfx38TW9DiWUT2tq017JGoLbYW/:/Db4wqyaDA5sTWiXT2tq07G2B/

Score

10^/10

dridex 10444 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

174.128.245.202:443

51.83.3.52:13786

69.64.50.41:6602

rc4.plain

rc4.plain

Targets

- Target
  
  885fdb11664be585ed74185fe466975d_JaffaCakes118
- Size
  
  604KB
- MD5
  
  885fdb11664be585ed74185fe466975d
- SHA1
  
  0d915de1e4139437eea0b6bcc7dae6c9f188adeb
- SHA256
  
  3fd6a0b667270f85b4d929748b6b32d1ecb65d01fc0e3cec4bbc025452530f07
- SHA512
  
  8d7f99bc132155288a103125a95bc5c8b2977531809c47180bef1766cde1256749c653574e366f5657f1b2fa0000cc594e7424a0d7c6c6d7681231748ae63986
- SSDEEP
  
  12288:YuIBo9wMtjp4CqwqyaXPLAfx38TW9DiWUT2tq017JGoLbYW/:/Db4wqyaDA5sTWiXT2tq07G2B/
Score

10^/10

dridex 10444 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex10444botnetdiscoveryevasiontrojan

behavioral2

dridex10444botnetdiscoveryevasiontrojan