General

  • Target

    0565a0af257b3e3807d8016bab982136c067ba2f268671f91db63d4820f687db

  • Size

    196KB

  • Sample

    210304-6qv5p6whxx

  • MD5

    9c70441bf36878a3206b9d024bb7f9fb

  • SHA1

    033fe35e3ab0bd7f4d537c0558ebbe27712ce7f1

  • SHA256

    0565a0af257b3e3807d8016bab982136c067ba2f268671f91db63d4820f687db

  • SHA512

    de9d06bf2a0b8215145535fac5c4f0eddf24c1102f6ee3c0ff34d49b1a34c555108bd10603c5fbb2499c9c93e345fb1556b7e9cd987d8932806fbf7e6ddd70ca

Malware Config

Extracted

Family

dridex

Botnet

111

C2

37.247.35.132:443

50.243.30.51:6601

162.241.204.234:6516

rc4.plain
rc4.plain

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex x86 and x64 loaders in memory.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 1

Tasks