dridex | f6de09c9efda38bfa8b122e5648d265f12b2048bb9e5c4b0c0cb782ef9102b2c | Triage

Sharing

General

Target

f6de09c9efda38bfa8b122e5648d265f12b2048bb9e5c4b0c0cb782ef9102b2c
Size

131KB
Sample

240417-qa43nage48
MD5

f987503b1f2dbe5b52ce2ad48919a7f9
SHA1

743fc385d2fa46392ff2ae270e98b303a1fb9ffb
SHA256

f6de09c9efda38bfa8b122e5648d265f12b2048bb9e5c4b0c0cb782ef9102b2c
SHA512

0a223210d209bf2066b02477eee76a9d57ff487821d6d314de7ab60ad503cebba666f0658493b64c0f428d544c4b7d59d5538cba536b80e41a7dccd212826f6c
SSDEEP

3072:J3a2n5sL0FmT25yHkIWeCKzrPcUxdHc0Dc2BjEyYNJFp8Rya:J3l1FmT25yH7zcoHc+cNyYNJKya

Score

10^/10

dridex botnet evasion trojan

Malware Config

Extracted

Family

dridex

C2

107.191.111.143:443

91.235.129.113:443

185.16.41.224:443

Targets

- Target
  
  13c5b33339522f8f96d091708e7a8a64b0939daa6225732352fbe44cb2950e67.exe
- Size
  
  228KB
- MD5
  
  07b0ce2dd0370392eedb0fc161c99dc7
- SHA1
  
  abf30fe414f07060b95e49034f05f3e4698d71d8
- SHA256
  
  13c5b33339522f8f96d091708e7a8a64b0939daa6225732352fbe44cb2950e67
- SHA512
  
  cada09b81bb4d065d27b9293e5a87a04735b279f48fef22f0ea7e5c94af91798dd257d356585b3e71735e90288a364b38831071f5443a61fd29677fd4f1a907d
- SSDEEP
  
  3072:2OiQhEurPRvwXXgtxshEo8bXBkAPz/oEqlDq1vnPMqDPeyw+shR39BqWk:2Oi4EQSXWxsaxhrQ5lsXwj
Score

10^/10

dridex botnet evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Deletes itself
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dridexbotnetevasiontrojan

behavioral2

dridexbotnetevasiontrojan