dridex | fad001d463e892e7844040cabdcfa8f8431c07e7ef1ffd76ffbd190f49d7693d | Triage

Sharing

General

Target

d594e8a2098a81c9bfa24f3c17c992e6_JaffaCakes118
Size

734KB
Sample

240909-dys9vasang
MD5

d594e8a2098a81c9bfa24f3c17c992e6
SHA1

b9c820973407c7b4bef5b9ce98b7af62cafa397d
SHA256

fad001d463e892e7844040cabdcfa8f8431c07e7ef1ffd76ffbd190f49d7693d
SHA512

50049d1ded3f8cfcb6aa839c0341e91bb39b46dbd5376533f2725ce27e6ae5059d3f5af71100dd025b03b7a3cf90bfa920a93818ac1bafb30c65460514c4fd47
SSDEEP

12288:EY20AljdZgBPfKfi1leppjfQxAogJfqsUsz0cX0rLfGLEXTMd8MQ5B5rxVCz:Z20gPgFKLfQxAVBbIcXQGL+MWMwTrxMz

Score

10^/10

dridex 10555 botnet discovery evasion

Malware Config

Extracted

Family

dridex

Botnet

10555

C2

151.236.219.181:443

142.4.6.57:14043

162.144.127.197:3786

103.40.116.68:5443

rc4.plain

rc4.plain

Targets

- Target
  
  d594e8a2098a81c9bfa24f3c17c992e6_JaffaCakes118
- Size
  
  734KB
- MD5
  
  d594e8a2098a81c9bfa24f3c17c992e6
- SHA1
  
  b9c820973407c7b4bef5b9ce98b7af62cafa397d
- SHA256
  
  fad001d463e892e7844040cabdcfa8f8431c07e7ef1ffd76ffbd190f49d7693d
- SHA512
  
  50049d1ded3f8cfcb6aa839c0341e91bb39b46dbd5376533f2725ce27e6ae5059d3f5af71100dd025b03b7a3cf90bfa920a93818ac1bafb30c65460514c4fd47
- SSDEEP
  
  12288:EY20AljdZgBPfKfi1leppjfQxAogJfqsUsz0cX0rLfGLEXTMd8MQ5B5rxVCz:Z20gPgFKLfQxAVBbIcXQGL+MWMwTrxMz
Score

10^/10

dridex 10555 botnet discovery evasion
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex10555botnetdiscoveryevasion

behavioral2

dridex10555botnetdiscoveryevasion