General

  • Target

    ada60dcfe05fe2b8d883f498e19649b147cc7503d32a75c226f82efb0dacbbe2

  • Size

    188KB

  • Sample

    210225-w21ay7z4r6

  • MD5

    5f112d9917735df6045d96659f84f4ca

  • SHA1

    806f8dafd3a9039a0e614d6b9a45930140b3a846

  • SHA256

    ada60dcfe05fe2b8d883f498e19649b147cc7503d32a75c226f82efb0dacbbe2

  • SHA512

    319b746585754036071281dac746428f1ed044d02070d1970e820278d1356d6ad146423a2dd25cea9ea46788d18348fb8a7db24521ec066b328830e6c603f5f6

Malware Config

Extracted

Family

dridex

Botnet

111

C2

209.151.236.42:443

91.121.94.86:8172

5.189.144.136:6516

rc4.plain

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects both the x86 and x64 Dridex loader in memory.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 1

Tasks