dridex | a52d8a09e19daf112729e3ca5ffcfedcff41e1282789c427024f42d37e19ba7a | Triage

Sharing

General

Target

ef5f70ac1f655839bc2548df4096f624_JaffaCakes118
Size

608KB
Sample

240414-ykq8jsbh85
MD5

ef5f70ac1f655839bc2548df4096f624
SHA1

988bfcea7ecee42e93b19c6340ac36ccc1a02f7d
SHA256

a52d8a09e19daf112729e3ca5ffcfedcff41e1282789c427024f42d37e19ba7a
SHA512

64910fb7d90d4b6d6e6b71b9a08dba130933c6f7c36fc04f9f4d3df249565ff7dfff397f56ec6ca42cd4b8245900018ea0ef656952748dc838b4c0c55724d038
SSDEEP

12288:eZGQdqOGJWJqydLqQSeCqsVK8kPRGO35N9mV2zXc6:eZ0IWjeCVVK8kP9N9oS

Score

10^/10

dridex 10444 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

174.128.245.202:443

51.83.3.52:13786

69.64.50.41:6602

rc4.plain

rc4.plain

Targets

- Target
  
  ef5f70ac1f655839bc2548df4096f624_JaffaCakes118
- Size
  
  608KB
- MD5
  
  ef5f70ac1f655839bc2548df4096f624
- SHA1
  
  988bfcea7ecee42e93b19c6340ac36ccc1a02f7d
- SHA256
  
  a52d8a09e19daf112729e3ca5ffcfedcff41e1282789c427024f42d37e19ba7a
- SHA512
  
  64910fb7d90d4b6d6e6b71b9a08dba130933c6f7c36fc04f9f4d3df249565ff7dfff397f56ec6ca42cd4b8245900018ea0ef656952748dc838b4c0c55724d038
- SSDEEP
  
  12288:eZGQdqOGJWJqydLqQSeCqsVK8kPRGO35N9mV2zXc6:eZ0IWjeCVVK8kP9N9oS
Score

10^/10

dridex 10444 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dridex10444botnetdiscoveryevasiontrojan

behavioral2

dridex10444botnetdiscoveryevasiontrojan