General

  • Target

    2bede6dbbdd845239a3cabd39e59f9a8e12d42623d86bc98f74c9a6372c973cd

  • Size

    503KB

  • Sample

    210207-n87cp3zj5e

  • MD5

    385a727cf2627cf35f6e822bd23af7dd

  • SHA1

    9b8b059fcd94ba413f3ef65ee8c97a2b660a801e

  • SHA256

    2bede6dbbdd845239a3cabd39e59f9a8e12d42623d86bc98f74c9a6372c973cd

  • SHA512

    33db39d8b5118f4474feda89146ad32b15be39aa0cd87c78ea516c106af741157027758331b39e47f9974404d3c03a44348e451cb9bcad84d8bcc85b207b44b4

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

172.86.186.21:443

103.1.185.227:3889

195.201.128.184:4443

77.81.226.88:3074

rc4.plain
rc4.plain

Targets

    • Target

      2bede6dbbdd845239a3cabd39e59f9a8e12d42623d86bc98f74c9a6372c973cd

    • Size

      503KB

    • MD5

      385a727cf2627cf35f6e822bd23af7dd

    • SHA1

      9b8b059fcd94ba413f3ef65ee8c97a2b660a801e

    • SHA256

      2bede6dbbdd845239a3cabd39e59f9a8e12d42623d86bc98f74c9a6372c973cd

    • SHA512

      33db39d8b5118f4474feda89146ad32b15be39aa0cd87c78ea516c106af741157027758331b39e47f9974404d3c03a44348e451cb9bcad84d8bcc85b207b44b4

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Tasks