General

  • Target

    9d70d7f8d45fed6388aad5a899434ad9c2cc62879629928e04bb4650e2e2cc25

  • Size

    196KB

  • Sample

    210304-2bf1b3qdqn

  • MD5

    a2d475831fa6d01215536a2e33ff8c83

  • SHA1

    de017ff0f75ea4c84d28adb5afd91675f9c26062

  • SHA256

    9d70d7f8d45fed6388aad5a899434ad9c2cc62879629928e04bb4650e2e2cc25

  • SHA512

    39a1b6be983e3477fc33d1e8d37f7aee95387077a7ac1861b8b7dd55eb6e4839bd8b6390490052e0571e0582e913b6b60e28bdfa3592bfe4f0a163811b565725

Malware Config

Extracted

Family

dridex

Botnet

111

C2

37.247.35.132:443

50.243.30.51:6601

162.241.204.234:6516

rc4.plain
rc4.plain

Targets

    • Target

      9d70d7f8d45fed6388aad5a899434ad9c2cc62879629928e04bb4650e2e2cc25

    • Size

      196KB

    • MD5

      a2d475831fa6d01215536a2e33ff8c83

    • SHA1

      de017ff0f75ea4c84d28adb5afd91675f9c26062

    • SHA256

      9d70d7f8d45fed6388aad5a899434ad9c2cc62879629928e04bb4650e2e2cc25

    • SHA512

      39a1b6be983e3477fc33d1e8d37f7aee95387077a7ac1861b8b7dd55eb6e4839bd8b6390490052e0571e0582e913b6b60e28bdfa3592bfe4f0a163811b565725

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Tasks