General

  • Target

    921e5238a62b3122d0c95521b633de0ea44e54403ab8529fdbc9af99f611064a

  • Size

    188KB

  • Sample

    210224-jfgyxdw4xj

  • MD5

    2bc3dfc7ffca3d969b16b08acd3bdd33

  • SHA1

    00317e4ca76f80f2cc85ea61b0c97c2c39e781b8

  • SHA256

    921e5238a62b3122d0c95521b633de0ea44e54403ab8529fdbc9af99f611064a

  • SHA512

    346a5e53730fa5dfca2d6101d6d1a6cf4c260ec9ef421722176c5caf79803affb91b28f07d5c500cd6f80f1353c099834428c6f257c9ae7b7dc616b3aa28bd43

Malware Config

Extracted

Family

dridex

Botnet

111

C2

209.151.236.42:443

91.121.94.86:8172

5.189.144.136:6516

rc4.plain
rc4.plain

Targets

    • Target

      921e5238a62b3122d0c95521b633de0ea44e54403ab8529fdbc9af99f611064a

    • Size

      188KB

    • MD5

      2bc3dfc7ffca3d969b16b08acd3bdd33

    • SHA1

      00317e4ca76f80f2cc85ea61b0c97c2c39e781b8

    • SHA256

      921e5238a62b3122d0c95521b633de0ea44e54403ab8529fdbc9af99f611064a

    • SHA512

      346a5e53730fa5dfca2d6101d6d1a6cf4c260ec9ef421722176c5caf79803affb91b28f07d5c500cd6f80f1353c099834428c6f257c9ae7b7dc616b3aa28bd43

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Tasks