dridex

General

Target

89785c7b62e521f06bca91af6b6f328e_JaffaCakes118
Size

168KB
Sample

240811-h2qekstgmb
MD5

89785c7b62e521f06bca91af6b6f328e
SHA1

f001cf5d5da596084013baa9ae783467cda545ee
SHA256

c1ce668c9d1cfd9ab2a55ea02292ff3f5643aed4d9e0f773dbe1b33cd57b669a
SHA512

e83bd4aa310b5f94cf63194bc96ec921ab40f6a121c819cc1090491e886d864b4afb48af171c4bc6993d14971da83f04e779819e25398dd90404cfeeb27f95d7
SSDEEP

3072:J+rGFFRCMcyzAAykMPqIaXpZYnvf3gx4wblxLSoIm/H2QKGB2gC:J+rGFFlXAAcqj8nHgfOoIdG

Score

10^/10

Malware Config

Extracted

Family

dridex

Botnet

111

C2

173.203.78.138:443

217.160.107.189:6601

77.220.64.150:5037

rc4.plain

Targets

- Target
  
  89785c7b62e521f06bca91af6b6f328e_JaffaCakes118
- Size
  
  168KB
- MD5
  
  89785c7b62e521f06bca91af6b6f328e
- SHA1
  
  f001cf5d5da596084013baa9ae783467cda545ee
- SHA256
  
  c1ce668c9d1cfd9ab2a55ea02292ff3f5643aed4d9e0f773dbe1b33cd57b669a
- SHA512
  
  e83bd4aa310b5f94cf63194bc96ec921ab40f6a121c819cc1090491e886d864b4afb48af171c4bc6993d14971da83f04e779819e25398dd90404cfeeb27f95d7
- SSDEEP
  
  3072:J+rGFFRCMcyzAAykMPqIaXpZYnvf3gx4wblxLSoIm/H2QKGB2gC:J+rGFFlXAAcqj8nHgfOoIdG
Score

10^/10

dridex 111 botnet discovery evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Dridex Loader

Blocklisted process makes network request

Checks installed software on the system

Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2