dridex

General

Target

ce680c4bc5dbbc7653c460f304a2cc60N
Size

236KB
Sample

240910-z2vgzavgnq
MD5

ce680c4bc5dbbc7653c460f304a2cc60
SHA1

3ef88db9bab60462a6a2c2e1ad6c2eeca4e75351
SHA256

ed24eece39db455a581606a6b6ebae2bdc90bdbec3aed974f619a3a0cd9d1431
SHA512

ea04cb2cca9059195601293d6677a60f3e7f48edfc22e3f456ca4f7ae759b802b23cec570e8071fa92092c3f8162e8709c0a6f62de5d5e0527c6f32a2bc1ea49
SSDEEP

6144:P4V3yyQTz8ITeRDZSw3D2Fsd1u/6mv5/dC:PciyQTdT+swTgt/6c/dC

Score

10^/10

Malware Config

Extracted

Family

dridex

Botnet

111

C2

77.220.64.40:443

8.4.9.152:3786

185.246.87.202:3098

rc4.plain

Targets

- Target
  
  ce680c4bc5dbbc7653c460f304a2cc60N
- Size
  
  236KB
- MD5
  
  ce680c4bc5dbbc7653c460f304a2cc60
- SHA1
  
  3ef88db9bab60462a6a2c2e1ad6c2eeca4e75351
- SHA256
  
  ed24eece39db455a581606a6b6ebae2bdc90bdbec3aed974f619a3a0cd9d1431
- SHA512
  
  ea04cb2cca9059195601293d6677a60f3e7f48edfc22e3f456ca4f7ae759b802b23cec570e8071fa92092c3f8162e8709c0a6f62de5d5e0527c6f32a2bc1ea49
- SSDEEP
  
  6144:P4V3yyQTz8ITeRDZSw3D2Fsd1u/6mv5/dC:PciyQTdT+swTgt/6c/dC
Score

10^/10

dridex 111 botnet discovery evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Dridex Loader

Blocklisted process makes network request

Checks installed software on the system

Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2