General

  • Target

    mdhnt.dll

  • Size

    539KB

  • Sample

    201118-8xqzwd9792

  • MD5

    fc8998b5afaa9a1d1c6f1eaf8641a967

  • SHA1

    db53da2690b86741ddd7837a974bd31cb063270e

  • SHA256

    d49f5b9b3da2c5ae18f28c40d008544337ba6e5febd76a8c88619079d0c262ca

  • SHA512

    89e3d4e2ba2054d737b118d4ad7772afeb26a407b5ec010a1cf1429e162a11eccfd8e6f2289c6efa9920932d49dee14f099966175138b3623b29e073bdb07081

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

162.241.44.26:9443

192.232.229.53:4443

77.220.64.34:443

193.90.12.121:3098

rc4.plain
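The extracted configuration above is directly usable as a hunting input: the C2 list is a set of ip:port pairs that a host infected with this Dridex build will contact. The block below is an added example, not part of the sandbox report or of any Dridex tooling. It validates the C2 entries, sweeps Zeek-style conn.log rows for connections to them, and emits Suricata rules for the pairs. The conn.log column order (ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto) follows Zeek's default, the log rows are constructed for illustration, and the sid values are placeholders in the local-use range.

```python
"""
Turn the extracted Dridex config into indicators and sweep connection
logs for them.  Added example; not part of the original sandbox report.
The conn.log rows below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass

# Values copied from the "Malware Config" section of the report.
EXTRACTED_CONFIG = {
    "family": "dridex",
    "botnet": "10444",
    "c2": [
        "162.241.44.26:9443",
        "192.232.229.53:4443",
        "77.220.64.34:443",
        "193.90.12.121:3098",
    ],
}

# Constructed Zeek conn.log rows (tab-separated). The second row goes to a
# C2 host but on a different port and must NOT match.
SAMPLE_CONN_LOG = [
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1605700001.1\tCabc1\t10.0.0.15\t49712\t162.241.44.26\t9443\ttcp",
    "1605700002.4\tCabc2\t10.0.0.15\t49713\t77.220.64.34\t80\ttcp",
    "1605700003.9\tCabc3\t10.0.0.22\t49714\t193.90.12.121\t3098\ttcp",
]


@dataclass(frozen=True)
class C2Endpoint:
    ip: str
    port: int


def parse_c2(entries):
    """Validate 'ip:port' strings from the config.

    Rejects anything that is not a routable IPv4/IPv6 literal so a mangled
    config line cannot turn into a rule that matches internal traffic.
    """
    endpoints = []
    for entry in entries:
        host, _, port = entry.rpartition(":")
        addr = ipaddress.ip_address(host)  # raises ValueError on garbage
        if not addr.is_global:
            raise ValueError(f"non-routable C2 address in config: {entry}")
        endpoints.append(C2Endpoint(str(addr), int(port)))
    return endpoints


def match_conn_log(lines, endpoints):
    """Return conn.log rows whose destination is an extracted C2 endpoint.

    Matching on the (ip, port) pair rather than the bare IP avoids false
    positives on unrelated services that share a hosting address.
    """
    wanted = {(e.ip, e.port) for e in endpoints}
    hits = []
    for line in lines:
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 6:
            continue
        ts, uid, orig_h, _orig_p, resp_h, resp_p = fields[:6]
        if (resp_h, int(resp_p)) in wanted:
            hits.append({"ts": ts, "uid": uid, "src": orig_h,
                         "dst": f"{resp_h}:{resp_p}"})
    return hits


def suricata_rules(endpoints, botnet, base_sid=1000001):
    """Emit one Suricata rule per C2 pair. base_sid is an assumed local-use id."""
    rules = []
    for i, e in enumerate(endpoints):
        rules.append(
            f'alert tcp $HOME_NET any -> {e.ip} {e.port} '
            f'(msg:"Dridex botnet {botnet} C2 contact"; flow:to_server; '
            f'sid:{base_sid + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    eps = parse_c2(EXTRACTED_CONFIG["c2"])
    for hit in match_conn_log(SAMPLE_CONN_LOG, eps):
        print("C2 hit:", hit)
    print("\n".join(suricata_rules(eps, EXTRACTED_CONFIG["botnet"])))
```

Run it as a script to print the two matching rows and the four rules; feed `match_conn_log` real conn.log lines (minus the header) to sweep an environment. Dridex C2 runs over TLS on non-standard ports (9443, 4443, 3098 here), so the port is part of the indicator, not noise.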

Targets

    • Target

      mdhnt.dll


    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing banking credentials.

    • Dridex Loader

      Detects the Dridex loader (x86 and x64 builds) in memory.

    • Blocklisted process makes network request

      A process on the sandbox's blocklist issued an outbound network request.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Checks whether UAC is enabled

      Queries the registry to determine whether User Account Control is enabled.
MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry, T1012 (1)

  • System Information Discovery, T1082 (1)

Tasks