General

  • Target

    e265bbda199d75b564b823038f80d49c1df46ccdb6953f72676df555847edd60

  • Size

    188KB

  • Sample

    210225-zjzwnctfvx

  • MD5

    0a5c4f1b33c91de478499f3ee58dcabf

  • SHA1

    3645ba3eb69558119354189a0c132d5cc781d749

  • SHA256

    e265bbda199d75b564b823038f80d49c1df46ccdb6953f72676df555847edd60

  • SHA512

    8659421da509b15c6dd2387b7ab8508ebf3acaa4f1148fed69ada454d7cd44b3eb61d87d34032fd887222294c53f1a1c26770afb33408540ba2c4877ce594fc0

Malware Config

Extracted

  • Family

    dridex

  • Botnet

    111

  • C2

    209.151.236.42:443
    91.121.94.86:8172
    5.189.144.136:6516

  • rc4.plain

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex loader (both x86 and x64 builds) in memory.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic     | Technique                    | ID    | Count
  -----------+------------------------------+-------+------
  Discovery  | Query Registry               | T1012 | 1
  Discovery  | System Information Discovery | T1082 | 1

Tasks