General

  • Target

    399f30c197f921169d05cac05c5eb564ae99268dc98eedc2ca049546f746f4cc

  • Size

    188KB

  • Sample

    210303-klm2x2np5e

  • MD5

    f87572cd430b017a6f8a06567d85e59d

  • SHA1

    5430830cbf520b585c9a38e50fdb5b92e8af08ed

  • SHA256

    399f30c197f921169d05cac05c5eb564ae99268dc98eedc2ca049546f746f4cc

  • SHA512

    4e1ef714fd09accb64f15df5f3c21b6080da5d46f62fb0546e2d46d6defa9b1a7779856a51436570da555a9fd6f821c69b4d372672deea9ec91b00d59efa6680

Malware Config

Extracted

Family

dridex

Botnet

111

C2

116.251.211.158:443

216.10.242.142:6601

37.247.35.137:6601

rc4.plain
rc4.plain

Targets

    • Target

      399f30c197f921169d05cac05c5eb564ae99268dc98eedc2ca049546f746f4cc

    • Size

      188KB

    • MD5

      f87572cd430b017a6f8a06567d85e59d

    • SHA1

      5430830cbf520b585c9a38e50fdb5b92e8af08ed

    • SHA256

      399f30c197f921169d05cac05c5eb564ae99268dc98eedc2ca049546f746f4cc

    • SHA512

      4e1ef714fd09accb64f15df5f3c21b6080da5d46f62fb0546e2d46d6defa9b1a7779856a51436570da555a9fd6f821c69b4d372672deea9ec91b00d59efa6680

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks