dridex | a1658b979357f174c83dcd9867941d8cd917beb3ea67720fa43b6340b27762ba | Triage

Sharing

General

Target

pzxrk4325.dll
Size

355KB
Sample

201126-gnkj599wps
MD5

457a2d0c13db31222c66c3e623d88063
SHA1

15bd1122fe1a910c3b8f255bbe74de5ffed57fd2
SHA256

a1658b979357f174c83dcd9867941d8cd917beb3ea67720fa43b6340b27762ba
SHA512

5eeb2bfcfedd0703134196a3135bba5bbc59d67ab51bc847c837e4243c1c1a7fa1971a5602af5f6d946ef1a0f5c5f5f1f1807fa5e5d6dc723b6d5888336875c3

Score

10^/10

dridex 10555 botnet discovery evasion loader trojan

Malware Config

Extracted

Family

dridex

Botnet

10555

C2

194.225.58.216:443

178.254.40.132:691

216.172.165.70:3889

198.57.200.100:3786

rc4.plain

rc4.plain

Targets

- Target
  
  pzxrk4325.dll
- Size
  
  355KB
- MD5
  
  457a2d0c13db31222c66c3e623d88063
- SHA1
  
  15bd1122fe1a910c3b8f255bbe74de5ffed57fd2
- SHA256
  
  a1658b979357f174c83dcd9867941d8cd917beb3ea67720fa43b6340b27762ba
- SHA512
  
  5eeb2bfcfedd0703134196a3135bba5bbc59d67ab51bc847c837e4243c1c1a7fa1971a5602af5f6d946ef1a0f5c5f5f1f1807fa5e5d6dc723b6d5888336875c3
Score

10^/10

dridex 10555 botnet discovery evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex10555botnetdiscoveryevasionloadertrojan

behavioral2

dridex10555botnetloader