dridex | ffb1150bbb28d53f325b00445be935cd657c1d8061ba73e91af5b343b6c0d438 | Triage

Sharing

General

Target

necurs
Size

1008KB
Sample

240708-wc1qxatbmg
MD5

6e05e84c7a993880409d7a0324c10e74
SHA1

4cac8146d54c5e47ec1c31a04c3cafdec9fbf209
SHA256

ffb1150bbb28d53f325b00445be935cd657c1d8061ba73e91af5b343b6c0d438
SHA512

4a4fa48ce31abea8cab4ca176f9d5be4b1b9b9c45c574f2e3605eaf04fd2fbd3da37d464300b2954623b0b9d377cff0a47d082b7fc1cc82a6d3eeab87555d43a
SSDEEP

24576:XiB1Q0SPpqqUGB9Qe5k04Q9RGuRUEy3FKEdeybpk/w:XJ/PMq3B9Qet1pyVbNbGo

Score

10^/10

dridex botnet evasion loader trojan

Malware Config

Extracted

Family

dridex

C2

0.79.198.234:6811

59.14.232.108:13510

153.85.116.88:34145

109.165.79.26:57028

3.48.31.250:32970

198.99.233.8:64668

4.144.183.219:57415

170.9.63.116:12621

82.190.146.50:8956

110.106.233.26:61144

231.170.120.138:36240

104.89.112.76:49715

14.217.137.57:20854

108.38.229.252:62814

53.121.3.237:39876

97.219.18.138:20575

120.178.203.178:46408

220.127.249.215:18420

172.217.87.204:28067

175.53.142.26:45560

Targets

- Target
  
  necurs
- Size
  
  1008KB
- MD5
  
  6e05e84c7a993880409d7a0324c10e74
- SHA1
  
  4cac8146d54c5e47ec1c31a04c3cafdec9fbf209
- SHA256
  
  ffb1150bbb28d53f325b00445be935cd657c1d8061ba73e91af5b343b6c0d438
- SHA512
  
  4a4fa48ce31abea8cab4ca176f9d5be4b1b9b9c45c574f2e3605eaf04fd2fbd3da37d464300b2954623b0b9d377cff0a47d082b7fc1cc82a6d3eeab87555d43a
- SSDEEP
  
  24576:XiB1Q0SPpqqUGB9Qe5k04Q9RGuRUEy3FKEdeybpk/w:XJ/PMq3B9Qet1pyVbNbGo
Score

10^/10

dridex botnet evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridexbotnetevasionloadertrojan

behavioral2

dridexbotnetevasionloadertrojan