j4r7zap

General
Target

j4r7zap

Size

539KB

Sample

201119-g2vmpr2nqj

Score
10 /10
MD5

19473a4823afb3ca1c966ffed1ee6003

SHA1

db853d8f738ee15172141315e96644bf6f265d6b

SHA256

7359fb03e09c8416c7a967f72df483a1b60066434c9e49e0deb4b18cb11e9192

SHA512

850fbc3ae33fa2d36fb4ecd7d06487be6dc1e382e7228faf1648b53e7c0d99ef9724b7578b1aaa42f97b53f2b60497737d14033e2deb09f38d838e7f2aa065cd

Malware Config

Extracted

Family dridex
Botnet 10555
C2

162.241.44.26:9443

192.232.229.53:4443

77.220.64.34:443

193.90.12.121:3098

rc4.plain
rc4.plain
Targets
Target

j4r7zap

MD5

19473a4823afb3ca1c966ffed1ee6003

Filesize

539KB

Score
10 /10
SHA1

db853d8f738ee15172141315e96644bf6f265d6b

SHA256

7359fb03e09c8416c7a967f72df483a1b60066434c9e49e0deb4b18cb11e9192

SHA512

850fbc3ae33fa2d36fb4ecd7d06487be6dc1e382e7228faf1648b53e7c0d99ef9724b7578b1aaa42f97b53f2b60497737d14033e2deb09f38d838e7f2aa065cd

Tags

Signatures

  • Dridex

    Description

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    Tags

  • Dridex Loader

    Description

    Detects Dridex both x86 and x64 loader in memory.

    Tags

  • Blocklisted process makes network request

  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    Tags

    TTPs

    Query Registry
  • Checks whether UAC is enabled

    Tags

    TTPs

    System Information Discovery

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation
                        Tasks

                        static1

                        behavioral2

                        10/10