General

  • Target

    uokhe8v0.dll

  • Size

    528KB

  • Sample

    201111-4hb2jxlssa

  • MD5

    cb19fe63b301713587e7bdddec6a50f7

  • SHA1

    e9b4ee7c2f9a3aa819ffe4bd48bd26fa5536e39b

  • SHA256

    d554bef77e35bbaa325fc61e5bca1ae419f9b2222110c913eb09b9369563c061

  • SHA512

    dab87c4956ded3992681d10666fec4026b40608f9501183f6e0b80ffd9776c7f7bb80305d4c94cdf0675c94a85f94606852d04873dbf1761346d508cf54ed6b8

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

77.220.64.39:443

69.164.207.140:3388

78.47.139.43:4443

103.244.206.74:33443

rc4.plain
rc4.plain
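The extracted configuration above is the part of this report a responder actually acts on: four hard-coded C2 endpoints on non-standard ports (443, 3388, 4443, 33443) tied to botnet ID 10444. The following Python script is an added example, not part of the sandbox output, showing how to turn that flat config block into validated indicators and Suricata rules. The input string is constructed from the values on this page; the rule SIDs, the `$HOME_NET` variable and the rule message text are assumptions for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed input: the "Extracted" config block as it appears in the report
# (family, botnet ID and the four C2 endpoints). Not a file the sandbox emits.
EXTRACTED_CONFIG = """
Family
dridex
Botnet
10444
C2
77.220.64.39:443
69.164.207.140:3388
78.47.139.43:4443
103.244.206.74:33443
"""


@dataclass
class DridexConfig:
    family: str = ""
    botnet: str = ""
    c2: list = field(default_factory=list)  # list of (ip, port) tuples


_C2_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")


def parse_config(text):
    """Parse the flat 'label line, value lines' layout into a DridexConfig.

    Labels are the bare words Family / Botnet / C2; every line under C2 until
    the next label is treated as an ip:port endpoint and validated, so a
    mis-extracted config fails loudly instead of producing a bad blocklist.
    """
    cfg = DridexConfig()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in ("Family", "Botnet", "C2"):
            section = line
            continue
        if section == "Family":
            cfg.family = line.lower()
        elif section == "Botnet":
            cfg.botnet = line
        elif section == "C2":
            m = _C2_RE.match(line)
            if not m:
                raise ValueError(f"malformed C2 entry: {line!r}")
            ip = ipaddress.ip_address(m.group(1))  # raises on e.g. 999.1.1.1
            port = int(m.group(2))
            if not 1 <= port <= 65535:
                raise ValueError(f"port out of range: {line!r}")
            if ip.is_private or ip.is_loopback:
                # Dridex C2 nodes are public hosts; a private address here means
                # the config was mis-extracted, not that RFC1918 space is hostile.
                raise ValueError(f"non-routable C2 address: {line!r}")
            cfg.c2.append((str(ip), port))
    return cfg


def suricata_rules(cfg, base_sid=9000000):
    """One outbound-flow rule per C2 endpoint (base_sid is an assumed value).

    The rules key on destination ip:port rather than protocol content, because
    the TLS-looking ports (443, 4443, 33443) carry RC4-wrapped Dridex traffic
    that a TLS parser will not decode.
    """
    rules = []
    for i, (ip, port) in enumerate(cfg.c2):
        rules.append(
            f"alert tcp $HOME_NET any -> {ip} {port} "
            f'(msg:"{cfg.family.capitalize()} botnet {cfg.botnet} C2 connection"; '
            f"flow:to_server; classtype:trojan-activity; sid:{base_sid + i}; rev:1;)"
        )
    return rules


def hosts_blocklist(cfg):
    """Unique C2 IPs, sorted, for a plain host-level blocklist."""
    return sorted({ip for ip, _ in cfg.c2})


if __name__ == "__main__":
    parsed = parse_config(EXTRACTED_CONFIG)
    for rule in suricata_rules(parsed):
        print(rule)
    print("blocklist:", hosts_blocklist(parsed))
```

Blocking on ip:port is deliberate: the three high ports look like TLS but the page records an RC4 key slot, not a certificate, so content matching would miss the traffic. Re-run the script on each new config extraction, since Dridex botnets rotate C2 nodes and the SIDs above must not collide with ones already deployed.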

Targets

    • Target

      uokhe8v0.dll

    • Size

      528KB

    • MD5

      cb19fe63b301713587e7bdddec6a50f7

    • SHA1

      e9b4ee7c2f9a3aa819ffe4bd48bd26fa5536e39b

    • SHA256

      d554bef77e35bbaa325fc61e5bca1ae419f9b2222110c913eb09b9369563c061

    • SHA512

      dab87c4956ded3992681d10666fec4026b40608f9501183f6e0b80ffd9776c7f7bb80305d4c94cdf0675c94a85f94606852d04873dbf1761346d508cf54ed6b8

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing online banking credentials.

    • Dridex Loader

      Detects the Dridex loader, both the x86 and x64 builds, in memory.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix (ATT&CK v6)

  Discovery

    • Query Registry (T1012): 1 signature

    • System Information Discovery (T1082): 1 signature
