dridex | 97cc04f8101ce385fc0e7ff04a803758a84637902e839c28a8c94371af6d05de | Triage

Sharing

General

Target

c5090bafa67afe78305e22066d6bb143_JaffaCakes118
Size

144KB
Sample

240827-p5j6astbpn
MD5

c5090bafa67afe78305e22066d6bb143
SHA1

dc03cafdf75c9f8bc9ace53ff8c4c1d679886390
SHA256

97cc04f8101ce385fc0e7ff04a803758a84637902e839c28a8c94371af6d05de
SHA512

7a35f02197b6d6023317b8ca4b9a22b0d55b0100521f363d7bc4e4954a0cd4d0f82b1f6ffc230cd6fa4e920faa41b183d250e70c003da68f5a84761439b85828
SSDEEP

3072:AU/o05iRZ5tLSApM4WKTdxARD1dmfrw7blYMS/oMQGRdRtssgnFzazAZzupXeqdt:fQ05KZ5tLS6ARD1dcVMS/zQGPRtEFzlm

Score

10^/10

dridex botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

C2

216.189.150.181:443

142.4.198.252:3389

216.98.148.156:1801

37.59.1.74:3389

Targets

- Target
  
  c5090bafa67afe78305e22066d6bb143_JaffaCakes118
- Size
  
  144KB
- MD5
  
  c5090bafa67afe78305e22066d6bb143
- SHA1
  
  dc03cafdf75c9f8bc9ace53ff8c4c1d679886390
- SHA256
  
  97cc04f8101ce385fc0e7ff04a803758a84637902e839c28a8c94371af6d05de
- SHA512
  
  7a35f02197b6d6023317b8ca4b9a22b0d55b0100521f363d7bc4e4954a0cd4d0f82b1f6ffc230cd6fa4e920faa41b183d250e70c003da68f5a84761439b85828
- SSDEEP
  
  3072:AU/o05iRZ5tLSApM4WKTdxARD1dmfrw7blYMS/oMQGRdRtssgnFzazAZzupXeqdt:fQ05KZ5tLS6ARD1dcVMS/zQGPRtEFzlm
Score

10^/10

dridex botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridexbotnetdiscoveryevasiontrojan

behavioral2

dridexbotnetdiscoveryevasiontrojan