dridex | 582f062af319c7e2f23be49d321125334f497b9eebe9ac997bbd00d883020e68 | Triage

Sharing

General

Target

8040027d3b0d5643837366b46e114e47_JaffaCakes118
Size

784KB
Sample

240801-m21yjaxcjn
MD5

8040027d3b0d5643837366b46e114e47
SHA1

4f1daa28ca0d3cc0bb9044c2a225df33b9bf80eb
SHA256

582f062af319c7e2f23be49d321125334f497b9eebe9ac997bbd00d883020e68
SHA512

dd8b58a1702d831f20a868675d202d70de17f97352889274de0b7c7936a75ca57a1f39d68b7fbe28a23b5c8997552f6c5f95265efe5f52c96e499c7110e46537
SSDEEP

12288:jH2Bjy7t9KVRxsYFPRSo5XkBCLu+PY1iqTrGaFhnt/vqqBhf94MOFNkSr:jH2Jgt9eDpSxP1iqTzVSqBr5OFx

Score

10^/10

dridex 10444 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

209.20.87.138:443

198.1.115.153:8172

151.236.29.248:6516

rc4.plain

rc4.plain

Targets

- Target
  
  8040027d3b0d5643837366b46e114e47_JaffaCakes118
- Size
  
  784KB
- MD5
  
  8040027d3b0d5643837366b46e114e47
- SHA1
  
  4f1daa28ca0d3cc0bb9044c2a225df33b9bf80eb
- SHA256
  
  582f062af319c7e2f23be49d321125334f497b9eebe9ac997bbd00d883020e68
- SHA512
  
  dd8b58a1702d831f20a868675d202d70de17f97352889274de0b7c7936a75ca57a1f39d68b7fbe28a23b5c8997552f6c5f95265efe5f52c96e499c7110e46537
- SSDEEP
  
  12288:jH2Bjy7t9KVRxsYFPRSo5XkBCLu+PY1iqTrGaFhnt/vqqBhf94MOFNkSr:jH2Jgt9eDpSxP1iqTzVSqBr5OFx
Score

10^/10

dridex 10444 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex10444botnetdiscoveryevasiontrojan

behavioral2

dridex10444botnetdiscoveryevasiontrojan