dridex | 9b557bc81f0edefc594337a621bf803446df892a2de1ac0dff36d83b392b74e4 | Triage

Sharing

General

Target

9b557bc81f0edefc594337a621bf803446df892a2de1ac0dff36d83b392b74e4N
Size

208KB
Sample

240917-h5p8zs1bqf
MD5

7b9b5484b8906234c1a4641455f3c250
SHA1

80e396ced1c8834341d5ed7457e9e7e686c09e5b
SHA256

9b557bc81f0edefc594337a621bf803446df892a2de1ac0dff36d83b392b74e4
SHA512

76dc8db429a0d2d3d7dea1d2c3b5414e4cb58e860cfe3e0c96eb4c4dd838977a805468fb0bcc0d90abbab4dd488e5d5f29b2d996acdb3a11f017fdd510d24744
SSDEEP

3072:T0DpemgVst0qciSU12Eu/CSWznEeNd2LcT65hQt8Cz9B0k6Xq:SpepU127CjzEexUQSq9BH6X

Score

10^/10

dridex 40112 botnet discovery evasion loader trojan

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

82.223.21.211:443

80.211.33.13:6601

185.148.168.220:2303

rc4.plain

rc4.plain

Targets

- Target
  
  9b557bc81f0edefc594337a621bf803446df892a2de1ac0dff36d83b392b74e4N
- Size
  
  208KB
- MD5
  
  7b9b5484b8906234c1a4641455f3c250
- SHA1
  
  80e396ced1c8834341d5ed7457e9e7e686c09e5b
- SHA256
  
  9b557bc81f0edefc594337a621bf803446df892a2de1ac0dff36d83b392b74e4
- SHA512
  
  76dc8db429a0d2d3d7dea1d2c3b5414e4cb58e860cfe3e0c96eb4c4dd838977a805468fb0bcc0d90abbab4dd488e5d5f29b2d996acdb3a11f017fdd510d24744
- SSDEEP
  
  3072:T0DpemgVst0qciSU12Eu/CSWznEeNd2LcT65hQt8Cz9B0k6Xq:SpepU127CjzEexUQSq9BH6X
Score

10^/10

dridex 40112 botnet discovery evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex40112botnetdiscoveryevasionloadertrojan

behavioral2

dridex40112botnetdiscoveryevasionloadertrojan