dridex

General

Target

df2ea18c16b1a2e10cf0478047be4e0c_JaffaCakes118
Size

168KB
Sample

240914-a12gfsxgpl
MD5

df2ea18c16b1a2e10cf0478047be4e0c
SHA1

2d1c0ca7b45318c5b57338112b49ac4b5c5968e5
SHA256

2d28a63e70dc8f1b27d3672f8104f68e4483562b3ff3733825ee4f60200347de
SHA512

95a4d243586880874dd12e72de31374b034eece48865de4c856ffd5d06e85e9a49ff01cb47e1ec6fab4ff8242f9ad33a34dae3bd4a55f81f31d01eea25a30c7e
SSDEEP

3072:e+rGFFRCMcyzAAykMPqIaXpZYnvf3gx4wblxLSoIm/H2QKGB2gC:e+rGFFlXAAcqj8nHgfOoIdG

Score

10^/10

Malware Config

Extracted

Family

dridex

Botnet

111

C2

173.203.78.138:443

217.160.107.189:6601

77.220.64.150:5037

rc4.plain

Targets

- Target
  
  df2ea18c16b1a2e10cf0478047be4e0c_JaffaCakes118
- Size
  
  168KB
- MD5
  
  df2ea18c16b1a2e10cf0478047be4e0c
- SHA1
  
  2d1c0ca7b45318c5b57338112b49ac4b5c5968e5
- SHA256
  
  2d28a63e70dc8f1b27d3672f8104f68e4483562b3ff3733825ee4f60200347de
- SHA512
  
  95a4d243586880874dd12e72de31374b034eece48865de4c856ffd5d06e85e9a49ff01cb47e1ec6fab4ff8242f9ad33a34dae3bd4a55f81f31d01eea25a30c7e
- SSDEEP
  
  3072:e+rGFFRCMcyzAAykMPqIaXpZYnvf3gx4wblxLSoIm/H2QKGB2gC:e+rGFFlXAAcqj8nHgfOoIdG
Score

10^/10

dridex 111 botnet discovery evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Dridex Loader

Blocklisted process makes network request

Checks installed software on the system

Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2