General

  • Target

    a1b14e952a770dafb8ce9f50a3384a7da61e0ee0281aa7340680c14eecbc7793

  • Size

    196KB

  • Sample

    210304-mvrj9ptb32

  • MD5

    5b47ae2be46b08d04796ffa7d8ae732e

  • SHA1

    830f3f929afb0bf26c21d4d04c5a635bf0361321

  • SHA256

    a1b14e952a770dafb8ce9f50a3384a7da61e0ee0281aa7340680c14eecbc7793

  • SHA512

    8c0be95b92cd314abe03ea5247d990d537397bb6ba76f99cd4680b2639cdef54c8a1ab8c4b49adee3247a11100c43ea0cfd11b10ff70bae440a0b64e32e46e1b

Malware Config

Extracted

Family

dridex

Botnet

111

C2

37.247.35.132:443

50.243.30.51:6601

162.241.204.234:6516

rc4.plain
rc4.plain

Targets

    • Target

      a1b14e952a770dafb8ce9f50a3384a7da61e0ee0281aa7340680c14eecbc7793

    • Size

      196KB

    • MD5

      5b47ae2be46b08d04796ffa7d8ae732e

    • SHA1

      830f3f929afb0bf26c21d4d04c5a635bf0361321

    • SHA256

      a1b14e952a770dafb8ce9f50a3384a7da61e0ee0281aa7340680c14eecbc7793

    • SHA512

      8c0be95b92cd314abe03ea5247d990d537397bb6ba76f99cd4680b2639cdef54c8a1ab8c4b49adee3247a11100c43ea0cfd11b10ff70bae440a0b64e32e46e1b

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Tasks