dridex | 70ecee1d8df8232488b0ba01f92fb28790636debaa201acad4412968648aef92 | Triage

Sharing

General

Target

e82f99d2387b854cd4815f0b6052e257_JaffaCakes118
Size

1.1MB
Sample

240408-xq39maha96
MD5

e82f99d2387b854cd4815f0b6052e257
SHA1

c3cd23cb7d0bbd61fd9a8c0a7355dcdd2d42468d
SHA256

70ecee1d8df8232488b0ba01f92fb28790636debaa201acad4412968648aef92
SHA512

e340e689e402761b83916996b8b3d0344997df6eb0484cb69f441ceccca5e50905e78465705010376ab0dee20927e8a45a3598b5b330f6c61e4052be121056d8
SSDEEP

6144:GK6cyPiWCgknQ/HuyIzuTVzsMM56519p+6yT3LvnH2QDP/ly+VQyMJ82vp:GM+ZdkmHubeaCo6ELfH2A/sUQBJ82vp

Score

10^/10

dridex 10111 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

139.59.124.65:6225

138.121.91.136:9043

103.253.107.155:7443

rc4.plain

rc4.plain

Targets

- Target
  
  e82f99d2387b854cd4815f0b6052e257_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  e82f99d2387b854cd4815f0b6052e257
- SHA1
  
  c3cd23cb7d0bbd61fd9a8c0a7355dcdd2d42468d
- SHA256
  
  70ecee1d8df8232488b0ba01f92fb28790636debaa201acad4412968648aef92
- SHA512
  
  e340e689e402761b83916996b8b3d0344997df6eb0484cb69f441ceccca5e50905e78465705010376ab0dee20927e8a45a3598b5b330f6c61e4052be121056d8
- SSDEEP
  
  6144:GK6cyPiWCgknQ/HuyIzuTVzsMM56519p+6yT3LvnH2QDP/ly+VQyMJ82vp:GM+ZdkmHubeaCo6ELfH2A/sUQBJ82vp
Score

10^/10

dridex 10111 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dridex10111botnetdiscoveryevasiontrojan

behavioral2

dridex10111botnetdiscoveryevasiontrojan