General

  • Target

    ghen5nlzip

  • Size

    556KB

  • Sample

    201112-zgphfxrh7s

  • MD5

    ee69629c63e45daebdd031f840562b34

  • SHA1

    302b7da0d9472c75869d6c48eee9fb6b652dc618

  • SHA256

    d7093640c50ebce8ea387148099bb0e30c9387d2748f728f10398dfd4e365450

  • SHA512

    43033b847b28c5781b65d18a8ba898a6572b5b687b46ac03318604ee9e8aad6964f723265bb1375eecc0b66a411955823540661e1e2c3da29466a060804a5419

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

77.220.64.39:443

69.164.207.140:3388

78.47.139.43:4443

103.244.206.74:33443

rc4.plain
rc4.plain

Targets

    • Target

      ghen5nlzip

    • Size

      556KB

    • MD5

      ee69629c63e45daebdd031f840562b34

    • SHA1

      302b7da0d9472c75869d6c48eee9fb6b652dc618

    • SHA256

      d7093640c50ebce8ea387148099bb0e30c9387d2748f728f10398dfd4e365450

    • SHA512

      43033b847b28c5781b65d18a8ba898a6572b5b687b46ac03318604ee9e8aad6964f723265bb1375eecc0b66a411955823540661e1e2c3da29466a060804a5419

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Tasks