dridex | 52659ab021a6d19ecc9e178e242477b6cf6b2cfacb14fb80b61ab93c1b8ae4b2 | Triage

Sharing

General

Target

d8ebc4500dbdbc4997f62571d979f26a_JaffaCakes118
Size

608KB
Sample

240405-t16kysgh5z
MD5

d8ebc4500dbdbc4997f62571d979f26a
SHA1

8dbc2aa93d864650b35bba34e59e1f2aef19208f
SHA256

52659ab021a6d19ecc9e178e242477b6cf6b2cfacb14fb80b61ab93c1b8ae4b2
SHA512

3f14e07cf10c25fb59175091dc7ab4d7eb5272b02ead7a65f573d9faad45608b4d1148c01e4a45413119ed0545477e0b9aa4fef6cd05e9c8ab19a47a331a3778
SSDEEP

12288:JZGQdqOGKtJqydLqQSeCqsVK8kPRGO35N9mV1zXc6:JZ0mWjeCVVK8kP9N9oJ

Score

10^/10

dridex 10444 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

174.128.245.202:443

51.83.3.52:13786

69.64.50.41:6602

rc4.plain

rc4.plain

Targets

- Target
  
  d8ebc4500dbdbc4997f62571d979f26a_JaffaCakes118
- Size
  
  608KB
- MD5
  
  d8ebc4500dbdbc4997f62571d979f26a
- SHA1
  
  8dbc2aa93d864650b35bba34e59e1f2aef19208f
- SHA256
  
  52659ab021a6d19ecc9e178e242477b6cf6b2cfacb14fb80b61ab93c1b8ae4b2
- SHA512
  
  3f14e07cf10c25fb59175091dc7ab4d7eb5272b02ead7a65f573d9faad45608b4d1148c01e4a45413119ed0545477e0b9aa4fef6cd05e9c8ab19a47a331a3778
- SSDEEP
  
  12288:JZGQdqOGKtJqydLqQSeCqsVK8kPRGO35N9mV1zXc6:JZ0mWjeCVVK8kP9N9oJ
Score

10^/10

dridex 10444 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dridex10444botnetdiscoveryevasiontrojan

behavioral2

dridex10444botnetdiscoveryevasiontrojan