6d5ca5fcaba6a6558013344ff5f11328e8079540e8ebe95789d9c185e11f8e44

General

Target: 6d5ca5fcaba6a6558013344ff5f11328e8079540e8ebe95789d9c185e11f8e44
Size: 598KB
Sample: 210207-a4g64265r6
Score: 10/10
MD5: 60a8f8f2ca0b34e728015a7481aa3fd0
SHA1: e3114c73570a07687de3f3c1e5121d1616899841
SHA256: 6d5ca5fcaba6a6558013344ff5f11328e8079540e8ebe95789d9c185e11f8e44
SHA512: 70b647d4cfa60b9e711c9bfd7aa2457e66b61e746884f9ff0f34d74cae99d7b921745d7241d215da7375b279d574317d0be0bad446f5d6f6c63df9c4a033024f

Malware Config

Extracted

Family: dridex
Botnet: 10444
C2:
  77.220.64.53:443
  172.96.190.154:4664
  209.126.111.137:33443
  167.99.158.82:33443
rc4.plain
rc4.plain
Targets

Target: 6d5ca5fcaba6a6558013344ff5f11328e8079540e8ebe95789d9c185e11f8e44
MD5: 60a8f8f2ca0b34e728015a7481aa3fd0
Filesize: 598KB
Score: 10/10
SHA1: e3114c73570a07687de3f3c1e5121d1616899841
SHA256: 6d5ca5fcaba6a6558013344ff5f11328e8079540e8ebe95789d9c185e11f8e44
SHA512: 70b647d4cfa60b9e711c9bfd7aa2457e66b61e746884f9ff0f34d74cae99d7b921745d7241d215da7375b279d574317d0be0bad446f5d6f6c63df9c4a033024f
Signatures

  • Dridex

    Description: Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

  • Dridex Loader

    Description: Detects the Dridex x86 and x64 loader in memory.

  • Blocklisted process makes network request

  • Checks installed software on the system

    Description: Looks up Uninstall key entries in the registry to enumerate software on the system.

    TTPs: Query Registry

  • Checks whether UAC is enabled

    TTPs: System Information Discovery

MITRE ATT&CK Matrix (tactic columns): Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation