dridex | 1e16a50aa162f621eff22e8d55fc036845b36e2a9c23ae572bd9bca1455ac817 | Triage

Sharing

General

Target

a946fdd57831a6edfbc23186d599e9e6.zip
Size

391KB
Sample

240903-frd8fsygrf
MD5

51ca29e6bb629b91c241fe9f775d070d
SHA1

96d7f9eabcd48bd99b5c7c81f2987a3d3f0ce7e3
SHA256

1e16a50aa162f621eff22e8d55fc036845b36e2a9c23ae572bd9bca1455ac817
SHA512

172fabcff067e8074d20692b23e7d078090222526619d5da6a6b4de4ef6e5a88e8d8e373f1c74ac92dba71da0b9d6da9588c3f9a8838d89e3c9300d936ecd6bc
SSDEEP

12288:z9ZLGa1G/VEd1yEy+uswOo8ppHPQ7sTj/3mjuUwS:zXSjd1Ey+Zwj8PYgnPHU7

Score

10^/10

dridex 10444 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

174.128.245.202:443

51.83.3.52:13786

69.64.50.41:6602

rc4.plain

rc4.plain

Targets

- Target
  
  409c2d9aa53c4ed61ccf1830b0f5852e527142aaf0db3c84a22463b8015dbe47
- Size
  
  608KB
- MD5
  
  a946fdd57831a6edfbc23186d599e9e6
- SHA1
  
  b68db0d73e0e5d04ea276c09d27fa3bfa8fdb990
- SHA256
  
  409c2d9aa53c4ed61ccf1830b0f5852e527142aaf0db3c84a22463b8015dbe47
- SHA512
  
  ec193ffff728cd33551e9237da9481c0fcce538f6daf963c6c9b617122920b98c37887a9d82bf7e37a978ed15561cf11196f6542700a078a2144fd9597b431c4
- SSDEEP
  
  12288:5ZGQdqOGyiJqydLqQSeCqsVK8kPRGO35N9mVazXc6F:5Z0BWjeCVVK8kP9N9ouv
Score

10^/10

dridex 10444 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex10444botnetdiscoveryevasiontrojan

behavioral2

dridex10444botnetdiscoveryevasiontrojan