dridex | 0c262ad9b5f041419149ee032e82abe2f7d06d263de648214c2a484436587d9a | Triage

Submit
Reports

Overview

overview

Static

static

3

16017353e6...18.dll

windows7-x64

16017353e6...18.dll

windows10-2004-x64

Sharing

General

Target

16017353e67868fd3b785aa22db51efb_JaffaCakes118
Size

168KB
Sample

240627-pm4rzstejn
MD5

16017353e67868fd3b785aa22db51efb
SHA1

c85f9fca75fab04d74bbece3c180f318d55581dd
SHA256

0c262ad9b5f041419149ee032e82abe2f7d06d263de648214c2a484436587d9a
SHA512

ac6e5395d17aa97fd0fd2b7748c7525b139a339b9f86e14a714bc57d193af4c825c0584a446830a3fb51d68687be6f193412bab7d3c86efc5e32836454a56586
SSDEEP

3072:p+rGFFRCMcyzAAykMPqIaXpZYnvf3gx4wblxLSoIm/H2QKGB2gC:p+rGFFlXAAcqj8nHgfOoIdG

Score

10^/10

dridex 111 botnet discovery evasion loader trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

16017353e67868fd3b785aa22db51efb_JaffaCakes118.dll

Resource

win7-20240508-en

dridex 111 botnet discovery evasion loader trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

16017353e67868fd3b785aa22db51efb_JaffaCakes118.dll

Resource

win10v2004-20240611-en

dridex 111 botnet discovery evasion loader trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

dridex

Botnet

111

C2

173.203.78.138:443

217.160.107.189:6601

77.220.64.150:5037

rc4.plain

rc4.plain

Targets

- Target
  
  16017353e67868fd3b785aa22db51efb_JaffaCakes118
- Size
  
  168KB
- MD5
  
  16017353e67868fd3b785aa22db51efb
- SHA1
  
  c85f9fca75fab04d74bbece3c180f318d55581dd
- SHA256
  
  0c262ad9b5f041419149ee032e82abe2f7d06d263de648214c2a484436587d9a
- SHA512
  
  ac6e5395d17aa97fd0fd2b7748c7525b139a339b9f86e14a714bc57d193af4c825c0584a446830a3fb51d68687be6f193412bab7d3c86efc5e32836454a56586
- SSDEEP
  
  3072:p+rGFFRCMcyzAAykMPqIaXpZYnvf3gx4wblxLSoIm/H2QKGB2gC:p+rGFFlXAAcqj8nHgfOoIdG
Score

10^/10

dridex 111 botnet discovery evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dridex111botnetdiscoveryevasionloadertrojan

behavioral2

dridex111botnetdiscoveryevasionloadertrojan

© 2018-2024

Terms | Privacy