General

  • Target

    io7zx7ai.jpg.dll

  • Size

    539KB

  • Sample

    201118-dy3mwk7xra

  • MD5

    62be3a6896b52be1e7d1ddd0330caae8

  • SHA1

    2766b9be34ec6da23b3eb7a1e287d1271e19577f

  • SHA256

    0dfab637891eaf6ff9134a21c5200d677f6e915a25b43e8a4acc5fe90f793033

  • SHA512

    c7fbac0c7756d0c371f948dea93f63a353deb21620b95726decc188689e4c39a4f9eebdf5fe5c3114eb95accfdbdd8aedfa03353cb7447df8968e9c19df9f40c

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

162.241.44.26:9443

192.232.229.53:4443

77.220.64.34:443

193.90.12.121:3098

rc4.plain

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing banking credentials.

    • Dridex Loader

      Detects both the x86 and x64 Dridex loader in memory.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 1