General

  • Target

    gfia6.bin.zip

  • Size

    238KB

  • Sample

    210125-9835nawhxj

  • MD5

    fc40f11cea5293433cb7e257af0c3318

  • SHA1

    762f1b7c1dba89f3f474f429e6677e1b37e0c8a7

  • SHA256

    a077fb190db647713c6056a1d485f10085c022ecd474657cd9d93bc1ec60f012

  • SHA512

    cad76bff9ba44b39ce87cd4b9d1539c0da7ced395994f228a839db027a81d919e7f6e708a6f03e7fa0f53f4c0279555ec3e0eb6abd7a26fcc491ad7b66e43bcc

Malware Config

Extracted

  • Family

    dridex

  • Botnet

    10111

  • C2

    97.107.127.227:443
    87.106.18.216:5037
    185.184.25.235:5037

  • rc4.plain

  • rc4.plain
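The C2 list above is the most immediately actionable part of the config: two of the three endpoints use port 5037 rather than 443, so a hunt keyed on IP alone or on "HTTPS to an odd host" would miss them. The script below is an added example, not the sandbox's own code, that loads the extracted config and sweeps connection logs for those endpoints. The log line format (timestamp, src:port, arrow, dst:port, action) and the lines in SAMPLE_LOG are constructed for the example; the C2 list and botnet ID are the ones reported above.

```python
"""Match the extracted Dridex C2 list against connection logs.

Added example for this report; not the sandbox's own code. The log format
(timestamp src:port -> dst:port action) is an assumption, and the lines in
SAMPLE_LOG are constructed. The C2 list and botnet ID are taken from the
extracted config above.
"""
import ipaddress
import re
from dataclasses import dataclass

# Values from the "Malware Config" section of the report.
DRIDEX_CONFIG = {
    "family": "dridex",
    "botnet": "10111",
    "c2": ["97.107.127.227:443", "87.106.18.216:5037", "185.184.25.235:5037"],
}

# Constructed firewall-style log lines (hypothetical format).
SAMPLE_LOG = """\
2021-01-25T09:35:01Z 10.0.0.21:51234 -> 97.107.127.227:443 ALLOW
2021-01-25T09:35:02Z 10.0.0.21:51235 -> 87.106.18.216:5037 ALLOW
2021-01-25T09:35:03Z 10.0.0.22:51236 -> 142.250.74.78:443 ALLOW
2021-01-25T09:35:04Z 10.0.0.23:51237 -> 185.184.25.235:443 DENY
2021-01-25T09:35:05Z 10.0.0.21:51238 -> 185.184.25.235:5037 DENY
"""

LOG_RE = re.compile(r"^(\S+) (\S+):(\d+) -> (\S+):(\d+) (\w+)$")


@dataclass(frozen=True)
class Hit:
    timestamp: str
    src_ip: str
    dst_ip: str
    dst_port: int
    action: str
    exact: bool  # True: ip:port is a configured C2; False: C2 IP on another port


def parse_c2(entries):
    """Validate 'ip:port' entries; return (set of (ip, port), set of ip)."""
    pairs, ips = set(), set()
    for entry in entries:
        host, _, port = entry.rpartition(":")
        ip = str(ipaddress.ip_address(host))  # raises ValueError on garbage
        if not 0 < int(port) < 65536:
            raise ValueError(f"bad port in C2 entry {entry!r}")
        pairs.add((ip, int(port)))
        ips.add(ip)
    return pairs, ips


def match_c2(log_text, config):
    """Return a Hit for every log line whose destination is Dridex C2 infra."""
    pairs, ips = parse_c2(config["c2"])
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than abort the sweep
        ts, src_ip, _sport, dst_ip, dst_port, action = m.groups()
        dst_port = int(dst_port)
        if (dst_ip, dst_port) in pairs:
            hits.append(Hit(ts, src_ip, dst_ip, dst_port, action, True))
        elif dst_ip in ips:
            # Same C2 host on an unexpected port: Dridex builds vary the port,
            # so flag it at lower confidence instead of dropping it.
            hits.append(Hit(ts, src_ip, dst_ip, dst_port, action, False))
    return hits


def infected_hosts(hits):
    """Internal hosts with an exact C2 match. A DENY still counts: the beacon
    attempt itself shows the host is running the loader."""
    return sorted({h.src_ip for h in hits if h.exact})


if __name__ == "__main__":
    found = match_c2(SAMPLE_LOG, DRIDEX_CONFIG)
    for h in found:
        print(h)
    print("infected:", infected_hosts(found))
```

Blocked connections are deliberately kept as hits; a firewall DENY to a C2 on port 5037 is evidence of an infected host, not a non-event.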

Targets

    • Target

      gfia6.bin

    • Size

      1.4MB

    • MD5

      12d32279667453bd01717eaff54aabea

    • SHA1

      50065749c49abb9882d3479c74fe47f6c3e981b9

    • SHA256

      3e7f3ba01606abb770a0353e587f44a0d4b21c161ed9c06ff9bde265c0f0304b

    • SHA512

      645932c5de08b3d47984db92969570945e7f9c4695ff9e00a28c1746672c455a3b61fb38e288a0aa0ba1b16d2b89d713ab93d0044252ca536dd99503e2719bfa

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex loader, in both its x86 and x64 variants, in memory.

    • Checks installed software on the system

      Looks up entries under the Uninstall registry key to enumerate the software installed on the system.

    • Checks whether UAC is enabled

      Reads the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System to determine whether User Account Control is active.
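Both discovery signatures above come down to which registry keys the sample reads. The following is an added example, not the sandbox's signature code, that re-implements the two rules over an API-call trace so the logic is explicit: "checks installed software" fires only when a process reads values from several distinct Uninstall entries (a single read can be a program checking its own install), and "checks whether UAC is enabled" fires on a query of EnableLUA under Policies\System. The trace record format (pid, API name, key path, value name) and every record in TRACE are constructed for the example.

```python
"""Re-implement the two registry discovery signatures from the report
("Checks installed software on the system" and "Checks whether UAC is enabled")
as rules over an API-call trace.

Added example; not the sandbox's signature code. The trace format
(pid, api, key path, value name) and the TRACE records are constructed.
"""
import re
from collections import defaultdict

# Constructed trace of registry API calls from two processes. pid 1344
# walks both the native and the WOW6432Node Uninstall views, then reads
# the UAC policy; pid 2210 is benign noise.
TRACE = [
    (1344, "RegOpenKeyExW", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", None),
    (1344, "RegEnumKeyExW", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", None),
    (1344, "RegOpenKeyExW", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip", None),
    (1344, "RegQueryValueExW", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip", "DisplayName"),
    (1344, "RegOpenKeyExW", r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++", None),
    (1344, "RegQueryValueExW", r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++", "DisplayName"),
    (1344, "RegOpenKeyExW", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", None),
    (1344, "RegQueryValueExW", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", "EnableLUA"),
    (2210, "RegQueryValueExW", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced", "Hidden"),
]

# A subkey directly under ...\CurrentVersion\Uninstall (either hive view).
UNINSTALL_ENTRY_RE = re.compile(r"\\CurrentVersion\\Uninstall\\[^\\]+$", re.IGNORECASE)
# The key that holds the UAC policy values.
POLICIES_SYSTEM_RE = re.compile(r"\\CurrentVersion\\Policies\\System$", re.IGNORECASE)


def sig_checks_installed_software(trace, min_entries=2):
    """Fire for processes that read values from at least `min_entries`
    distinct Uninstall entries: one read can be a legitimate self-check,
    walking the list is enumeration."""
    entries_by_pid = defaultdict(set)
    for pid, api, path, _value in trace:
        if api == "RegQueryValueExW" and UNINSTALL_ENTRY_RE.search(path):
            entries_by_pid[pid].add(path.lower())
    return sorted(pid for pid, keys in entries_by_pid.items() if len(keys) >= min_entries)


def sig_checks_uac_enabled(trace):
    """Fire for processes that query EnableLUA under the Policies\\System key."""
    return sorted({
        pid for pid, api, path, value in trace
        if api == "RegQueryValueExW" and value == "EnableLUA"
        and POLICIES_SYSTEM_RE.search(path)
    })


def run_signatures(trace):
    """Signature name (as in the report) -> list of matching pids."""
    return {
        "Checks installed software on the system": sig_checks_installed_software(trace),
        "Checks whether UAC is enabled": sig_checks_uac_enabled(trace),
    }


if __name__ == "__main__":
    for name, pids in run_signatures(TRACE).items():
        print(f"{name}: {pids or 'no match'}")
```

The threshold on distinct Uninstall entries is the knob that keeps the first rule from firing on ordinary installers and updaters; raise it if the trace source is noisy.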

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012)

    1 signature

  • System Information Discovery (T1082)

    1 signature

Tasks