dridex | 0ed2ce70b17e3c2ab44a041ce022d8ba0dd74bae6a4778071dbba8d1f276c52e | Triage

Sharing

General

Target

2901a3d99aeb6d2231f77ed1787a6a44.zip
Size

386KB
Sample

240831-k65feawemk
MD5

31799f9f4f00057e6dcea3332bdda8f1
SHA1

e8514929dfdd66dacf923409cdf8652524e9164e
SHA256

0ed2ce70b17e3c2ab44a041ce022d8ba0dd74bae6a4778071dbba8d1f276c52e
SHA512

c732140946123eaa7f8c35038ca0f4613d570cdbc4360054f5633cecf55d55a9963b94a43345f44b96abf0eeab9fc7ee2c68ee473ddb44507198cbd6e287afc0
SSDEEP

12288:AlvE7GTSSh6UYKMUiKVjR0sFyRLVqslgl:gE6ph6nc0sFyZ1y

Score

10^/10

dridex 10444 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

174.128.245.202:443

51.83.3.52:13786

69.64.50.41:6602

rc4.plain

rc4.plain

Targets

- Target
  
  a43b7c1fff94a3a2c9cda875dc21e5bc57819537d1f6b9f9b91271e895201638
- Size
  
  604KB
- MD5
  
  2901a3d99aeb6d2231f77ed1787a6a44
- SHA1
  
  d5b8701ce4f615d0c9c427b060edfa398dd1df62
- SHA256
  
  a43b7c1fff94a3a2c9cda875dc21e5bc57819537d1f6b9f9b91271e895201638
- SHA512
  
  c3dd61e13fd28cf03400bccac710c4a3aa05e71fadaa9bb1e381a86c761f90c33a0c5c5ca8f6393c50e60b379c818d54c93cac384e5a2ee95ab6fefb9c52c578
- SSDEEP
  
  12288:9uIB/bwMtjp4CqwqyaXPLAfx38TW9DiWUT2tq017JGoLbqW/I:I6b4wqyaDA5sTWiXT2tq07G2v/I
Score

10^/10

dridex 10444 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex10444botnetdiscoveryevasiontrojan

behavioral2

dridex10444botnetdiscoveryevasiontrojan