General

  • Target

    46qvr.zip

  • Size

    427KB

  • Sample

    201125-x8zl92xxzn

  • MD5

    7e27a6a4a5f14fa05077d435b45f310a

  • SHA1

    60e46b1d09790f204e007e2e56aebbbd8c960122

  • SHA256

    43f5493faba5d37eb6cdf1444c6b505256556869e93bc8624ed04258c5c3e89f

  • SHA512

    1d6234150249196180ebcdb41188ccbba5331287b4958cf4a304c38b7ac15710a5715dc4cede49326e05bb0adcf19285ad12e49e7237c424143e363f9cb1fc97

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

45.77.154.161:1688

37.139.2.140:3889

49.212.179.180:3889

69.64.62.4:4443

rc4.plain

Targets

    • Target

      46qvr.exe

    • Size

      635KB

    • MD5

      6c8ddb7493ad6ceb97527fa3235b6eef

    • SHA1

      077465e31e9f7ed4e588fac12ae1ae2f64109a53

    • SHA256

      b3168a3ea730423a6d425f53d1817aff0d1458a7c7f81fb08e76f83afd872a14

    • SHA512

      c41582b087acc01341d61b42b219d5031db869e87ac8620186f9f0101b6dd3fc2e202fca2c4f1157d0c8544147f182290d373a4a73a6b45bf050ad921fff612f

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects both the x86 and x64 Dridex loader in memory.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 1

Tasks