dridex | 48df40524456a981de9356a9b89ecfded629e931b85e9f8519effb9d4079379c | Triage

Sharing

General

Target

c41cf929493bdd0b86c0aaffc7d9c583_JaffaCakes118
Size

920KB
Sample

240827-bc995avcqa
MD5

c41cf929493bdd0b86c0aaffc7d9c583
SHA1

8796dd1a9c4b8f7d85c2de9fbf07e876b5986f4c
SHA256

48df40524456a981de9356a9b89ecfded629e931b85e9f8519effb9d4079379c
SHA512

a26ccbc1be79a890e8c087a1a1fb3f4c9ea88556d9a2ee99398f6640cc3e738709df1dc1184714102868b1eb169d9fe1062ddba9319c4684af430b415116d800
SSDEEP

24576:NNWfnaVoffEQmyO378WTkvEKT9Hgce1BHbodCm:fuaq34yDWTkvvT9HgdbodC

Score

10^/10

dridex 10444 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

209.20.87.138:443

198.1.115.153:8172

151.236.29.248:6516

rc4.plain

rc4.plain

Targets

- Target
  
  c41cf929493bdd0b86c0aaffc7d9c583_JaffaCakes118
- Size
  
  920KB
- MD5
  
  c41cf929493bdd0b86c0aaffc7d9c583
- SHA1
  
  8796dd1a9c4b8f7d85c2de9fbf07e876b5986f4c
- SHA256
  
  48df40524456a981de9356a9b89ecfded629e931b85e9f8519effb9d4079379c
- SHA512
  
  a26ccbc1be79a890e8c087a1a1fb3f4c9ea88556d9a2ee99398f6640cc3e738709df1dc1184714102868b1eb169d9fe1062ddba9319c4684af430b415116d800
- SSDEEP
  
  24576:NNWfnaVoffEQmyO378WTkvEKT9Hgce1BHbodCm:fuaq34yDWTkvvT9HgdbodC
Score

10^/10

dridex 10444 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex10444botnetdiscoveryevasiontrojan

behavioral2

dridex10444botnetdiscoveryevasiontrojan