a1b14e952a770dafb8ce9f50a3384a7da61e0ee0281aa7340680c14eecbc7793

General
Target

a1b14e952a770dafb8ce9f50a3384a7da61e0ee0281aa7340680c14eecbc7793

Size

196KB

Sample

210304-mvrj9ptb32

Score
10 /10
MD5

5b47ae2be46b08d04796ffa7d8ae732e

SHA1

830f3f929afb0bf26c21d4d04c5a635bf0361321

SHA256

a1b14e952a770dafb8ce9f50a3384a7da61e0ee0281aa7340680c14eecbc7793

SHA512

8c0be95b92cd314abe03ea5247d990d537397bb6ba76f99cd4680b2639cdef54c8a1ab8c4b49adee3247a11100c43ea0cfd11b10ff70bae440a0b64e32e46e1b

Malware Config

Extracted

Family dridex
Botnet 111
C2

37.247.35.132:443

50.243.30.51:6601

162.241.204.234:6516
rc4.plain
rc4.plain
Targets
Target

a1b14e952a770dafb8ce9f50a3384a7da61e0ee0281aa7340680c14eecbc7793

MD5

5b47ae2be46b08d04796ffa7d8ae732e

Filesize

196KB

Score
10 /10
SHA1

830f3f929afb0bf26c21d4d04c5a635bf0361321

SHA256

a1b14e952a770dafb8ce9f50a3384a7da61e0ee0281aa7340680c14eecbc7793

SHA512

8c0be95b92cd314abe03ea5247d990d537397bb6ba76f99cd4680b2639cdef54c8a1ab8c4b49adee3247a11100c43ea0cfd11b10ff70bae440a0b64e32e46e1b

Tags

Signatures

  • Dridex

    Description

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    Tags

  • Dridex Loader

    Description

    Detects Dridex both x86 and x64 loader in memory.

    Tags

  • Blocklisted process makes network request

  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    Tags

    TTPs

    Query Registry

  • Checks whether UAC is enabled

    Tags

    TTPs

    System Information Discovery

Related Tasks

behavioral1 behavioral2
MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation