dridex | 6e0ddfa7d9cdbbca6e992bb3be602a7594ee7c575d70a8b20cf241d1a21cccae | Triage

Sharing

General

Target

6e0ddfa7d9cdbbca6e992bb3be602a7594ee7c575d70a8b20cf241d1a21cccae
Size

454KB
Sample

240910-2pjwtaygnr
MD5

3fc8390764179ab5034a492c4902cfc9
SHA1

9578739ca4fe624cf244d9ecc22762e9b8eb5c72
SHA256

6e0ddfa7d9cdbbca6e992bb3be602a7594ee7c575d70a8b20cf241d1a21cccae
SHA512

bbc64d7c68323c0a2b7ff3a8728938864e63bef91c9323dbda62cd33aada6c05f9996abe8a908d1445334f3875793816a23c5a701284174378c6c383c321029f
SSDEEP

6144:nLc7UtOpM1Z5k1xYO2LXjTH1pH5nF1pTMO1dmpd0GAQAwH:htOpOE1xYO2vTH15L1pTMOUd0GAQRH

Score

10^/10

dridex 40112 botnet discovery evasion loader trojan

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain

rc4.plain

Targets

- Target
  
  6e0ddfa7d9cdbbca6e992bb3be602a7594ee7c575d70a8b20cf241d1a21cccae
- Size
  
  454KB
- MD5
  
  3fc8390764179ab5034a492c4902cfc9
- SHA1
  
  9578739ca4fe624cf244d9ecc22762e9b8eb5c72
- SHA256
  
  6e0ddfa7d9cdbbca6e992bb3be602a7594ee7c575d70a8b20cf241d1a21cccae
- SHA512
  
  bbc64d7c68323c0a2b7ff3a8728938864e63bef91c9323dbda62cd33aada6c05f9996abe8a908d1445334f3875793816a23c5a701284174378c6c383c321029f
- SSDEEP
  
  6144:nLc7UtOpM1Z5k1xYO2LXjTH1pH5nF1pTMO1dmpd0GAQAwH:htOpOE1xYO2vTH15L1pTMOUd0GAQRH
Score

10^/10

dridex 40112 botnet discovery evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex40112botnetdiscoveryevasionloadertrojan

behavioral2

dridex40112botnetdiscoveryevasionloadertrojan