General

  • Target

    9ab83ab5ebed13f082970b5d0fce98adf85892290c1eb9608959975acc4e43b2

  • Size

    330KB

  • Sample

    210207-l3z6w9zh4n

  • MD5

    a4d814e9e97b93f5882a930d290a04e3

  • SHA1

    9e7838ba2dc62433d6050e09adab7d6b529c8d2a

  • SHA256

    9ab83ab5ebed13f082970b5d0fce98adf85892290c1eb9608959975acc4e43b2

  • SHA512

    6fc23329ce48b683abedb68f5313682fc10011d208ee02cc1f16e1505a10cce1824b99bf2dea72f66daed9c7798f7770003a5b5b2e939679dd64644e56395b51

Malware Config

Extracted

Family

dridex

Botnet

10555

C2

77.220.64.39:443

69.164.207.140:3388

78.47.139.43:4443

103.244.206.74:33443

rc4.plain

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing banking credentials.

    • Dridex Loader

      Detects both the x86 and x64 Dridex loaders in memory.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

    • Query Registry (T1012): 1 signature

    • System Information Discovery (T1082): 1 signature