dridex | 14b7b3ead189325c7d5c634a0071f22c8d05e9285f94492b094f056ce61d75a1 | Triage

Sharing

General

Target

323bb39b2fecfd2f4d5ba59c1045a9b4_JaffaCakes118
Size

576KB
Sample

241010-28974sxbnm
MD5

323bb39b2fecfd2f4d5ba59c1045a9b4
SHA1

628c6f9b9f4d1ecfc8b6da5761ca4ccf22bf5b84
SHA256

14b7b3ead189325c7d5c634a0071f22c8d05e9285f94492b094f056ce61d75a1
SHA512

989c4a120eb02da0f2bc048b40a17a6ced1d02c7f4cd438a646056026f5d5c24b8cb07f444b0fa2cb42b5df7d45d1634a70d38ac7bd5241c1f063df85a9a50f7
SSDEEP

6144:RK6cyPiWCgknQ/HuyIzuTVzsMM56519p+6yTrkGxon2QDP/ly+VQyMJ89n:RM+ZdkmHubeaCo6akl2A/sUQBJ89n

Score

10^/10

dridex 10111 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

158.106.98.110:6225

149.210.181.82:10172

178.33.13.40:7443

rc4.plain

rc4.plain

Targets

- Target
  
  323bb39b2fecfd2f4d5ba59c1045a9b4_JaffaCakes118
- Size
  
  576KB
- MD5
  
  323bb39b2fecfd2f4d5ba59c1045a9b4
- SHA1
  
  628c6f9b9f4d1ecfc8b6da5761ca4ccf22bf5b84
- SHA256
  
  14b7b3ead189325c7d5c634a0071f22c8d05e9285f94492b094f056ce61d75a1
- SHA512
  
  989c4a120eb02da0f2bc048b40a17a6ced1d02c7f4cd438a646056026f5d5c24b8cb07f444b0fa2cb42b5df7d45d1634a70d38ac7bd5241c1f063df85a9a50f7
- SSDEEP
  
  6144:RK6cyPiWCgknQ/HuyIzuTVzsMM56519p+6yTrkGxon2QDP/ly+VQyMJ89n:RM+ZdkmHubeaCo6akl2A/sUQBJ89n
Score

10^/10

dridex 10111 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex10111botnetdiscoveryevasiontrojan

behavioral2

dridex10111botnetdiscoveryevasiontrojan