dridex | 40bec49fd0d5749a0e5d2326090ddda77230606b9f126b3f76b5475e0df132db | Triage

Sharing

General

Target

aa0ae6977e33407beeb1d8a95608b0df_JaffaCakes118
Size

1.1MB
Sample

241127-27ve9svmew
MD5

aa0ae6977e33407beeb1d8a95608b0df
SHA1

f77242ca04be70971a60f2871f5a70f99e2c2318
SHA256

40bec49fd0d5749a0e5d2326090ddda77230606b9f126b3f76b5475e0df132db
SHA512

09fdadf437d26ccd7f0686f25e82bf22de76153993c5ce9044ddb9a456b36b8a01514c753d05c2fd590e3f7942d0a1b87e1f8f7250b27629900a8be5171648cb
SSDEEP

6144:6K6cyPiWCgknQ/HuyIzuTVzsMM56519p+6yTrkGxM2QDP/ly+VQyMJ8ivp:6M+ZdkmHubeaCo6ak72A/sUQBJ8ivp

Score

10^/10

dridex 10111 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

158.106.98.110:6225

149.210.181.82:10172

178.33.13.40:7443

rc4.plain

rc4.plain

Targets

- Target
  
  aa0ae6977e33407beeb1d8a95608b0df_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  aa0ae6977e33407beeb1d8a95608b0df
- SHA1
  
  f77242ca04be70971a60f2871f5a70f99e2c2318
- SHA256
  
  40bec49fd0d5749a0e5d2326090ddda77230606b9f126b3f76b5475e0df132db
- SHA512
  
  09fdadf437d26ccd7f0686f25e82bf22de76153993c5ce9044ddb9a456b36b8a01514c753d05c2fd590e3f7942d0a1b87e1f8f7250b27629900a8be5171648cb
- SSDEEP
  
  6144:6K6cyPiWCgknQ/HuyIzuTVzsMM56519p+6yTrkGxM2QDP/ly+VQyMJ8ivp:6M+ZdkmHubeaCo6ak72A/sUQBJ8ivp
Score

10^/10

dridex 10111 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex10111botnetdiscoveryevasiontrojan

behavioral2

dridex10111botnetdiscoveryevasiontrojan