General

  • Target

    qz0h69.pdf.dll

  • Size

    539KB

  • Sample

    201119-c3627ca6ns

  • MD5

    ba7ddbd663a50b149b22d810f4211207

  • SHA1

    06faf7fce11b89e4119c70c5a8cb56d97ab68bab

  • SHA256

    eb1a0c3677f4b416e43e2c4d88a30d1f5bd4d9b00b1e0c48efef31b034465e3c

  • SHA512

    cc26dd7686669b6af424cf6da3114e2fa2d5131a165f3711893ff4a9952c66918f080bf7593cf9010a8d63cfda2f447cb30fea321838cbf95c6415615307b403

Malware Config

Extracted

Family

dridex

Botnet

10555

C2

162.241.44.26:9443

192.232.229.53:4443

77.220.64.34:443

193.90.12.121:3098

rc4.plain
rc4.plain

Targets

    • Target

      qz0h69.pdf.dll

    • Size

      539KB

    • MD5

      ba7ddbd663a50b149b22d810f4211207

    • SHA1

      06faf7fce11b89e4119c70c5a8cb56d97ab68bab

    • SHA256

      eb1a0c3677f4b416e43e2c4d88a30d1f5bd4d9b00b1e0c48efef31b034465e3c

    • SHA512

      cc26dd7686669b6af424cf6da3114e2fa2d5131a165f3711893ff4a9952c66918f080bf7593cf9010a8d63cfda2f447cb30fea321838cbf95c6415615307b403

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Tasks