dridex | 3c08465a1453b7ae0a91858ca433f0670e11e769daaff2dd43cac6edc3fc0479 | Triage

Sharing

General

Target

a3b18c467e1d9e43ba85a2ccdcfaf83d_JaffaCakes118
Size

591KB
Sample

240817-xcvqbstdnl
MD5

a3b18c467e1d9e43ba85a2ccdcfaf83d
SHA1

1637338d208bb46bc48b989eed32b9bc5ea0ed65
SHA256

3c08465a1453b7ae0a91858ca433f0670e11e769daaff2dd43cac6edc3fc0479
SHA512

0178192294da81a1e2b100bfa655d389bc2f17be9ec2cff686f648cd75a720496cb928763bf383ebe751b5eae3fcadf27be9e34173f33d34543e61462e375220
SSDEEP

12288:2USSmPs6Qr0omJfasUuzqPBLRGxEXTML8WQ5BRrxKCD:2US7tQr0ZBfGDGx+MgWwHrx9D

Score

10^/10

dridex 10555 botnet discovery evasion

Malware Config

Extracted

Family

dridex

Botnet

10555

C2

151.236.219.181:443

142.4.6.57:14043

162.144.127.197:3786

103.40.116.68:5443

rc4.plain

rc4.plain

Targets

- Target
  
  Report-24Sept.2020.scr
- Size
  
  734KB
- MD5
  
  d594e8a2098a81c9bfa24f3c17c992e6
- SHA1
  
  b9c820973407c7b4bef5b9ce98b7af62cafa397d
- SHA256
  
  fad001d463e892e7844040cabdcfa8f8431c07e7ef1ffd76ffbd190f49d7693d
- SHA512
  
  50049d1ded3f8cfcb6aa839c0341e91bb39b46dbd5376533f2725ce27e6ae5059d3f5af71100dd025b03b7a3cf90bfa920a93818ac1bafb30c65460514c4fd47
- SSDEEP
  
  12288:EY20AljdZgBPfKfi1leppjfQxAogJfqsUsz0cX0rLfGLEXTMd8MQ5B5rxVCz:Z20gPgFKLfQxAVBbIcXQGL+MWMwTrxMz
Score

10^/10

dridex 10555 botnet discovery evasion
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex10555botnetdiscoveryevasion

behavioral2

dridex10555botnetdiscoveryevasion