dridex | 6f1a1051c6a61f87e818d8578e164b1ba8378da653f5d004f82e11abcf890e24 | Triage

Sharing

General

Target

ec71f5c9ccea4858b62deb7267246b2f_JaffaCakes118
Size

731KB
Sample

240411-cg2dfscf41
MD5

ec71f5c9ccea4858b62deb7267246b2f
SHA1

9599930df68ce5046728421a97c26d3c19b7351d
SHA256

6f1a1051c6a61f87e818d8578e164b1ba8378da653f5d004f82e11abcf890e24
SHA512

465867a7fdf445d6c13bfe986c5e9556e3078c911596f21ea23112f42700f8f24b79c18c2e9356dab5eb4589debfaf61ef9b10fbfa07007f5cd40fc513700d9c
SSDEEP

12288:eM+ZdkmHubeaCo6zAO0s2A/sUQBJ8loSVacsb0z:eMcpTo6zhL0BOlXkc1

Score

10^/10

dridex 10111 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

172.104.58.76:6225

204.174.223.210:9043

51.91.105.97:8443

rc4.plain

rc4.plain

Targets

- Target
  
  ec71f5c9ccea4858b62deb7267246b2f_JaffaCakes118
- Size
  
  731KB
- MD5
  
  ec71f5c9ccea4858b62deb7267246b2f
- SHA1
  
  9599930df68ce5046728421a97c26d3c19b7351d
- SHA256
  
  6f1a1051c6a61f87e818d8578e164b1ba8378da653f5d004f82e11abcf890e24
- SHA512
  
  465867a7fdf445d6c13bfe986c5e9556e3078c911596f21ea23112f42700f8f24b79c18c2e9356dab5eb4589debfaf61ef9b10fbfa07007f5cd40fc513700d9c
- SSDEEP
  
  12288:eM+ZdkmHubeaCo6zAO0s2A/sUQBJ8loSVacsb0z:eMcpTo6zhL0BOlXkc1
Score

10^/10

dridex 10111 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dridex10111botnetdiscoveryevasiontrojan

behavioral2

dridex10111botnetdiscoveryevasiontrojan