dridex

General

Target

JaffaCakes118_9204f297656515a422d2d6403d26115f
Size

664KB
Sample

250105-hgcmzswjf1
MD5

9204f297656515a422d2d6403d26115f
SHA1

7b0bfe9bba9c133fd455f60c7d0627bbc9d9c2a6
SHA256

66562be2e93162d4f91c9c6fa7a79c7dc270eda727488eada10a24b6c23dd62d
SHA512

406c8f49086b35dea2ed9eb42ec29c5fb468dc317369c3d19a4e2206714e04c574006f50d8edef8b9ebb60d642c7b2059aed51b9a9cc41d717e42572e465c0de
SSDEEP

12288:q/0Qzqf0e7i489M+6TFKywVt6PbEYU0eyJTT/Mu9oV01u9oaEPu:g0zh7yn6TFKywvCbEOxDMu9oyfaEPu

Score

10^/10

Malware Config

Extracted

Family

dridex

Botnet

10222

C2

174.128.245.202:443

51.83.3.52:13786

69.64.50.41:6602

rc4.plain

Targets

- Target
  
  JaffaCakes118_9204f297656515a422d2d6403d26115f
- Size
  
  664KB
- MD5
  
  9204f297656515a422d2d6403d26115f
- SHA1
  
  7b0bfe9bba9c133fd455f60c7d0627bbc9d9c2a6
- SHA256
  
  66562be2e93162d4f91c9c6fa7a79c7dc270eda727488eada10a24b6c23dd62d
- SHA512
  
  406c8f49086b35dea2ed9eb42ec29c5fb468dc317369c3d19a4e2206714e04c574006f50d8edef8b9ebb60d642c7b2059aed51b9a9cc41d717e42572e465c0de
- SSDEEP
  
  12288:q/0Qzqf0e7i489M+6TFKywVt6PbEYU0eyJTT/Mu9oV01u9oaEPu:g0zh7yn6TFKywvCbEOxDMu9oyfaEPu
Score

10^/10

dridex 10222 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Dridex family

Blocklisted process makes network request

Checks installed software on the system

Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2