General

  • Target

    de39140ed6443ed440847750713bf78af2094bb59691eca90da85b3851a4ae2e

  • Size

    188KB

  • Sample

    210224-mq6gr33r42

  • MD5

    92e4f5d47587b06987ce2ffe57cd5195

  • SHA1

    3faddd56423bad6ec1572add0ec04606613a70ef

  • SHA256

    de39140ed6443ed440847750713bf78af2094bb59691eca90da85b3851a4ae2e

  • SHA512

    831354704c1294e8a2a886c1924fee61b2a3ba6bf041a4225ece006e2bf352e5273899d3d4e64ad0e9f38d7772694d6db17ecc12fa372cbf7bef0d3a310f61ec

Malware Config

Extracted

Family

dridex

Botnet

111

C2

209.151.236.42:443

91.121.94.86:8172

5.189.144.136:6516

rc4.plain
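
The extracted configuration above carries the indicators a defender actually acts on: three C2 endpoints (IP and port) and the sample's hashes. The following Python is an added example, not part of this report or of any sandbox tooling: it matches those indicators against outbound-connection log lines and against file digests. The log format and every log line are constructed for the example. Treating a known C2 IP seen on a different port as a medium-confidence hit rather than ignoring it is a design choice of the example, not something the report states.

```python
import hashlib
import re
from typing import Dict, Iterable, List

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "92e4f5d47587b06987ce2ffe57cd5195",
    "sha1": "3faddd56423bad6ec1572add0ec04606613a70ef",
    "sha256": "de39140ed6443ed440847750713bf78af2094bb59691eca90da85b3851a4ae2e",
}
C2_ENDPOINTS = {
    ("209.151.236.42", 443),
    ("91.121.94.86", 8172),
    ("5.189.144.136", 6516),
}
C2_IPS = {ip for ip, _ in C2_ENDPOINTS}

# Constructed firewall log in a hypothetical "ts ACTION src:port -> dst:port" format.
# Line 2 is an exact C2 hit, line 3 a known C2 IP on another port, line 4 a blocked
# beacon attempt (a DENY still means the host tried to reach the C2).
SAMPLE_LOG = """\
2021-02-24T10:01:05Z ALLOW 10.0.0.15:51234 -> 142.250.74.78:443
2021-02-24T10:01:09Z ALLOW 10.0.0.15:51240 -> 209.151.236.42:443
2021-02-24T10:01:11Z ALLOW 10.0.0.15:51241 -> 91.121.94.86:80
2021-02-24T10:01:12Z DENY  10.0.0.15:51242 -> 5.189.144.136:6516
2021-02-24T10:02:00Z ALLOW 10.0.0.22:50001 -> 10.0.0.1:53
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def match_network_iocs(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Return one hit per log line whose destination is a known Dridex C2 IP.

    An exact IP:port match is 'high' confidence; the same IP on another port
    is 'medium' and should still be triaged. Lines that do not parse are
    skipped, never silently counted as clean matches.
    """
    hits: List[Dict[str, object]] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # unknown format: leave it for a different parser
        dst, dport = m["dst"], int(m["dport"])
        if dst not in C2_IPS:
            continue
        exact = (dst, dport) in C2_ENDPOINTS
        hits.append({
            "ts": m["ts"],
            "src": m["src"],
            "dst": dst,
            "dport": dport,
            "action": m["action"],
            "confidence": "high" if exact else "medium",
        })
    return hits


def digests(data: bytes) -> Dict[str, str]:
    """MD5/SHA1/SHA256 of a file's bytes, for comparison with the report."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def is_known_sample(data: bytes) -> bool:
    """True when the bytes are exactly the sample analysed in this report.

    SHA256 is the deciding digest; MD5 and SHA1 are kept in digests() only
    because older tooling and feeds still key on them.
    """
    return digests(data)["sha256"] == SAMPLE_HASHES["sha256"]


if __name__ == "__main__":
    for hit in match_network_iocs(SAMPLE_LOG.splitlines()):
        print(hit)
    print("known sample:", is_known_sample(b"not the sample"))
```

Run it as a script to see the three hits from the constructed log; in practice feed it your own export and a real file's bytes. Because the C2 list is tied to botnet 111 of this sample, pair the network check with the hash check rather than relying on either alone: other Dridex builds use different C2 sets.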

Targets

    • Target

      de39140ed6443ed440847750713bf78af2094bb59691eca90da85b3851a4ae2e

    • Size

      188KB

    • MD5

      92e4f5d47587b06987ce2ffe57cd5195

    • SHA1

      3faddd56423bad6ec1572add0ec04606613a70ef

    • SHA256

      de39140ed6443ed440847750713bf78af2094bb59691eca90da85b3851a4ae2e

    • SHA512

      831354704c1294e8a2a886c1924fee61b2a3ba6bf041a4225ece006e2bf352e5273899d3d4e64ad0e9f38d7772694d6db17ecc12fa372cbf7bef0d3a310f61ec

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex loader, both the x86 and the x64 build, in memory.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry, T1012 (1 matching signature)

  • System Information Discovery, T1082 (1 matching signature)

Tasks