ucjk7st

General
Target

ucjk7st

Size

426KB

Sample

201126-mrd8rz1nds

Score
10 /10
MD5

455e8c40a659762249a13b5ef6cfb2cb

SHA1

818423b1fc4f4149e2bda0feb359c1605de1eb6c

SHA256

8ceb186696c9bda47466e5ecd1d0f0d5f93318e8bdc6b42454dd3be884e99e33

SHA512

7ba2b6f6c452009e74a31a0da2bc3a27e565fe12997c33cb0e8cf9397cd61ec232e2870516aa94e4f2affd2291f6b728b77775a6f8732dd5133a4df28a341123

Malware Config

Extracted

Family dridex
Botnet 10555
C2

194.225.58.216:443

178.254.40.132:691

216.172.165.70:3889

198.57.200.100:3786

rc4.plain
rc4.plain
Targets
Target

ucjk7st

MD5

455e8c40a659762249a13b5ef6cfb2cb

Filesize

426KB

Score
10 /10
SHA1

818423b1fc4f4149e2bda0feb359c1605de1eb6c

SHA256

8ceb186696c9bda47466e5ecd1d0f0d5f93318e8bdc6b42454dd3be884e99e33

SHA512

7ba2b6f6c452009e74a31a0da2bc3a27e565fe12997c33cb0e8cf9397cd61ec232e2870516aa94e4f2affd2291f6b728b77775a6f8732dd5133a4df28a341123

Tags

Signatures

  • Dridex

    Description

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    Tags

  • Dridex Loader

    Description

    Detects Dridex both x86 and x64 loader in memory.

    Tags

  • Blocklisted process makes network request

  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    Tags

    TTPs

    Query Registry
  • Checks whether UAC is enabled

    Tags

    TTPs

    System Information Discovery

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation
                        Tasks

                        static1

                        behavioral2

                        10/10