dridex | 42ed38ad7023327d24d68bf10ff1fad5841c8b95512bbb367d67be7b7769b914 | Triage

Sharing

General

Target

be5ed54f79918f5293e54b60f9ac7db0_JaffaCakes118
Size

608KB
Sample

240404-v2a14sde9t
MD5

be5ed54f79918f5293e54b60f9ac7db0
SHA1

89df1f52f7d466a3b4a1fa83f8c77428c7eb76b8
SHA256

42ed38ad7023327d24d68bf10ff1fad5841c8b95512bbb367d67be7b7769b914
SHA512

cd90838d042a18acc739ce7ba3048b4563a321f8f1c4e7c52393d8354f262044131025ef354dcf40e1bcd765e4fbd79f60f5b9c4ecfad44ad1179e7e7b97f272
SSDEEP

12288:dZGQdqOG5lJqydLqQSeCqsVK8kPRGO35N9mVZzXc6:dZ0fWjeCVVK8kP9N9oV

Score

10^/10

dridex 10444 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

174.128.245.202:443

51.83.3.52:13786

69.64.50.41:6602

rc4.plain

rc4.plain

Targets

- Target
  
  be5ed54f79918f5293e54b60f9ac7db0_JaffaCakes118
- Size
  
  608KB
- MD5
  
  be5ed54f79918f5293e54b60f9ac7db0
- SHA1
  
  89df1f52f7d466a3b4a1fa83f8c77428c7eb76b8
- SHA256
  
  42ed38ad7023327d24d68bf10ff1fad5841c8b95512bbb367d67be7b7769b914
- SHA512
  
  cd90838d042a18acc739ce7ba3048b4563a321f8f1c4e7c52393d8354f262044131025ef354dcf40e1bcd765e4fbd79f60f5b9c4ecfad44ad1179e7e7b97f272
- SSDEEP
  
  12288:dZGQdqOG5lJqydLqQSeCqsVK8kPRGO35N9mVZzXc6:dZ0fWjeCVVK8kP9N9oV
Score

10^/10

dridex 10444 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dridex10444botnetdiscoveryevasiontrojan

behavioral2

dridex10444botnetdiscoveryevasiontrojan