dridex | 4e8b50459a8033a3e81008fe1e01df1997193d59f1012125325ee127281f387d | Triage

Sharing

General

Target

5cb98dc4e31e1e09b9ecf06a5fbc75f2_JaffaCakes118
Size

785KB
Sample

240719-txrbvstbqb
MD5

5cb98dc4e31e1e09b9ecf06a5fbc75f2
SHA1

4f8d8d02dbfbd65b7c24d46c0439ee245941470a
SHA256

4e8b50459a8033a3e81008fe1e01df1997193d59f1012125325ee127281f387d
SHA512

3a97dbed4172bdc59f505dc79fb67cf394eb2701c7ea2dc8778ebb97426f4bfb89031fc0667b3fe964f7b18e4561ce6e7aba840a412f654c24257bf7f9e30c6a
SSDEEP

12288:vbqkjZw1Vu8MpJYosZUmc16RWdrpo8+FFcLxT8HoxmRsDJteMKTO81MOU7qOkQR1:vbqkjZwqxYjxoArwQobmMKFiOUFkK1

Score

10^/10

dridex 10444 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

209.20.87.138:443

198.1.115.153:8172

151.236.29.248:6516

rc4.plain

rc4.plain

Targets

- Target
  
  5cb98dc4e31e1e09b9ecf06a5fbc75f2_JaffaCakes118
- Size
  
  785KB
- MD5
  
  5cb98dc4e31e1e09b9ecf06a5fbc75f2
- SHA1
  
  4f8d8d02dbfbd65b7c24d46c0439ee245941470a
- SHA256
  
  4e8b50459a8033a3e81008fe1e01df1997193d59f1012125325ee127281f387d
- SHA512
  
  3a97dbed4172bdc59f505dc79fb67cf394eb2701c7ea2dc8778ebb97426f4bfb89031fc0667b3fe964f7b18e4561ce6e7aba840a412f654c24257bf7f9e30c6a
- SSDEEP
  
  12288:vbqkjZw1Vu8MpJYosZUmc16RWdrpo8+FFcLxT8HoxmRsDJteMKTO81MOU7qOkQR1:vbqkjZwqxYjxoArwQobmMKFiOUFkK1
Score

10^/10

dridex 10444 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex10444botnetdiscoveryevasiontrojan

behavioral2

dridex10444botnetdiscoveryevasiontrojan