General

  • Target: 22ace8e62742ddca85fdb3f58ef0bf5e13b8a4b41b73be252db6b8e4091baec7
  • Size: 188KB
  • Sample: 210224-s8heaay5ka
  • MD5: b82c7cc0f6f2dbb5f6f0c17a93a4935c
  • SHA1: b33aa86152c301bf1edcaf51e09139c6e0a545f5
  • SHA256: 22ace8e62742ddca85fdb3f58ef0bf5e13b8a4b41b73be252db6b8e4091baec7
  • SHA512: 85d86a73826646445f675ecd4b84c5e282ebe65e9525fe3ddb46f6a66fd792b2e97f9bc1dcc0b4bd9063ef18220e8ad0e0150636113804716f6198f0ab9d17d9

Malware Config

Extracted

  • Family: dridex
  • Botnet: 111
  • C2:
    209.151.236.42:443
    91.121.94.86:8172
    5.189.144.136:6516
  • rc4.plain

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex loader, both x86 and x64 builds, in memory.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry (T1012): 1
  • System Information Discovery (T1082): 1

Tasks