General

  • Target

    4cbff10d343ee330fc78282bd2283888fff51395f1ecf6a878046456de4fdabf

  • Size

    188KB

  • Sample

    210224-ag34dtn8ha

  • MD5

    1c9d1dadac4ceb61d057f6569d969aec

  • SHA1

    3e767c3e1fde4e731c8fae35f9743835cac955a8

  • SHA256

    4cbff10d343ee330fc78282bd2283888fff51395f1ecf6a878046456de4fdabf

  • SHA512

    78b349d0051f1f0aa1d840688147c120cb5fe60cf3b27f129ec27ecb3dc2b0c6746ab7f62d4ded6645d315f557170d4acb167e4405d8749df6061e9ef1438296

Malware Config

Extracted

Family

dridex

Botnet

111

C2

209.151.236.42:443

91.121.94.86:8172

5.189.144.136:6516

rc4.plain

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex loader (both x86 and x64 builds) in memory.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 1 hit

  • System Information Discovery (T1082): 1 hit

Tasks