7setq.zip

General
Target: 7setq.zip
Size: 235KB
Sample: 210208-tneaf4ytaa
Score: 10/10
MD5: 49cdf6887221d7fdb9ed4948673b6bb6
SHA1: 7944589e948f9ab3389ac4e54035ba6ea3759411
SHA256: 8a8abc1e2be496d327293ae1309de2d26064a1fe13ef4710f3e5b8e02029e77b
SHA512: 4d5eae86c599bd9f6ab5ce64deb61e04412dc3bed449092bf85527e1445404d6b6b05fbdca5057fcee709039a4a3731b654a0bd7eaff7d50d243903ed7222325

Malware Config

Extracted
Family: dridex
Botnet: 10111
C2:
  51.68.224.245:4646
  188.165.17.91:8443
  173.255.246.77:691
rc4.plain
rc4.plain
Targets

Target: 7setq.exe
Filesize: 1MB
Score: 10/10
MD5: ce6b3fc8dfc97b648dc245ba1ea0a109
SHA1: 3f395722701450d2ea221b46f5fa4a0bcad9a3ec
SHA256: 388d433e53b9c0294424bda5cc15e5a03c04c8aa9509d9161f9dc6176afb8b6a
SHA512: 2b39526d7e23557c18226f76fe9d352d6cb24fa1184fbc8801733a06648e27dd5eaac94ef16276c1a1421e6be47c723b9f79dc1fc17e12d08161ff0fda8f575f

Signatures

  • Dridex
    Description: Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing banking credentials.

  • Dridex Loader
    Description: Detects the Dridex loader (both x86 and x64) in memory.

  • Checks installed software on the system
    Description: Looks up Uninstall key entries in the registry to enumerate software installed on the system.
    TTPs: Query Registry

  • Checks whether UAC is enabled
    TTPs: System Information Discovery
