General

  • Target

    c6784abd48dc7e4cbaf9387e2feb04132482412051b7df24f06d4860234107ad

  • Size

    196KB

  • Sample

    210304-33ykhesbqs

  • MD5

    8440469645ebb3770dc1ccd744bb44c6

  • SHA1

    5b1e7f3792c1b2214e317d2d060884b3c6d6194e

  • SHA256

    c6784abd48dc7e4cbaf9387e2feb04132482412051b7df24f06d4860234107ad

  • SHA512

    115bd9b2c695b579fea66eb3f133b3a98e5c2e49ad0a356216cc464f27f56572daec6505b38d465cb98f3c8f41272585f49b921f8a1905cda59140435ed89fb0

Malware Config

Extracted

Family

dridex

Botnet

111

C2

37.247.35.132:443

50.243.30.51:6601

162.241.204.234:6516

rc4.plain
rc4.plain

Targets

    • Target

      c6784abd48dc7e4cbaf9387e2feb04132482412051b7df24f06d4860234107ad

    • Size

      196KB

    • MD5

      8440469645ebb3770dc1ccd744bb44c6

    • SHA1

      5b1e7f3792c1b2214e317d2d060884b3c6d6194e

    • SHA256

      c6784abd48dc7e4cbaf9387e2feb04132482412051b7df24f06d4860234107ad

    • SHA512

      115bd9b2c695b579fea66eb3f133b3a98e5c2e49ad0a356216cc464f27f56572daec6505b38d465cb98f3c8f41272585f49b921f8a1905cda59140435ed89fb0

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks