dridex

General

Target

JaffaCakes118_e3158668cf2a42e8c61e71a28a289d69
Size

608KB
Sample

250110-nlyc5svrdl
MD5

e3158668cf2a42e8c61e71a28a289d69
SHA1

c1cf4a1bf2bf15c42ad5bdd1688c21dcd9e41ca6
SHA256

efdb8fbf8b3c622e9a22daf5f0cae93abdd0f49067c1c5f09185d4ce495088d9
SHA512

8fe6a0ea0cf2c66a476f81d32069972ffa95d101fb721bf71c8013d53e1b3a26d5766314192837d694b2f8280dd618a97568f622b323dd66815ca0e52289b9f7
SSDEEP

12288:4ZGQdqOG+8JqydLqQSeCqsVK8kPRGO35N9mV8zXc6Z:4Z0HWjeCVVK8kP9N9oQf

Score

10^/10

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

174.128.245.202:443

51.83.3.52:13786

69.64.50.41:6602

rc4.plain

Targets

- Target
  
  JaffaCakes118_e3158668cf2a42e8c61e71a28a289d69
- Size
  
  608KB
- MD5
  
  e3158668cf2a42e8c61e71a28a289d69
- SHA1
  
  c1cf4a1bf2bf15c42ad5bdd1688c21dcd9e41ca6
- SHA256
  
  efdb8fbf8b3c622e9a22daf5f0cae93abdd0f49067c1c5f09185d4ce495088d9
- SHA512
  
  8fe6a0ea0cf2c66a476f81d32069972ffa95d101fb721bf71c8013d53e1b3a26d5766314192837d694b2f8280dd618a97568f622b323dd66815ca0e52289b9f7
- SSDEEP
  
  12288:4ZGQdqOG+8JqydLqQSeCqsVK8kPRGO35N9mV8zXc6Z:4Z0HWjeCVVK8kP9N9oQf
Score

10^/10

dridex 10444 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Dridex family

Blocklisted process makes network request

Checks installed software on the system

Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2