Resubmissions

24-12-2020 09:41

201224-9zk7n6mece 10

General

  • Target

    q.bin

  • Size

    494KB

  • Sample

    201224-9zk7n6mece

  • MD5

    501352dd7db1d943b6ccf838c4ae9b9e

  • SHA1

    0d91fd355f9824b232c6423c410cb0a760146563

  • SHA256

    745873208ce43a3b250f1dab6bb43f6cf1aeff3a8d5b6da890b5cfe865b35455

  • SHA512

    8e9ece93d6cc061191f0f145da7bf5b3d6b11690ffbf32b30c287addc14a4e86d87dc9c8ac5d0aa04f447d494671726b2b935fb69bbd2bc854bbf8bd9534ea44

Malware Config

Extracted

  • Family

    dridex

  • Botnet

    10555

  • C2

    162.241.44.26:9443
    192.232.229.53:4443
    77.220.64.34:443
    193.90.12.121:3098

  • rc4.plain

Targets

    • Target

      q.bin

    • Size

      494KB

    • MD5

      501352dd7db1d943b6ccf838c4ae9b9e

    • SHA1

      0d91fd355f9824b232c6423c410cb0a760146563

    • SHA256

      745873208ce43a3b250f1dab6bb43f6cf1aeff3a8d5b6da890b5cfe865b35455

    • SHA512

      8e9ece93d6cc061191f0f145da7bf5b3d6b11690ffbf32b30c287addc14a4e86d87dc9c8ac5d0aa04f447d494671726b2b935fb69bbd2bc854bbf8bd9534ea44

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects both the x86 and x64 Dridex loader in memory.

    • Loads dropped DLL

    • JavaScript code in executable

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 2

  • Peripheral Device Discovery (T1120): 1

  • System Information Discovery (T1082): 2

Tasks