General

  • Target

    5f80d551692be4edfe112eb799f0ca2d5397f790ddeeb13f0c37b9859bd6510e

  • Size

    196KB

  • Sample

    210304-vwnkjmejzj

  • MD5

    355b6a54bc488d9423a0b3423447c5e5

  • SHA1

    ae84f2f32f02e204d1498946e530a2575bafd284

  • SHA256

    5f80d551692be4edfe112eb799f0ca2d5397f790ddeeb13f0c37b9859bd6510e

  • SHA512

    5f6c9e58d6155ab1718ac726e1aef77ff6efe8e95d20806f5e138a60a86d20368b485966dc240d38ad72f3ff00d7fd1814dd5efdd6954537604ccc42c426b84b

Malware Config

Extracted

Family

dridex

Botnet

111

C2

37.247.35.132:443

50.243.30.51:6601

162.241.204.234:6516

rc4.plain
rc4.plain

Targets

    • Target

      5f80d551692be4edfe112eb799f0ca2d5397f790ddeeb13f0c37b9859bd6510e

    • Size

      196KB

    • MD5

      355b6a54bc488d9423a0b3423447c5e5

    • SHA1

      ae84f2f32f02e204d1498946e530a2575bafd284

    • SHA256

      5f80d551692be4edfe112eb799f0ca2d5397f790ddeeb13f0c37b9859bd6510e

    • SHA512

      5f6c9e58d6155ab1718ac726e1aef77ff6efe8e95d20806f5e138a60a86d20368b485966dc240d38ad72f3ff00d7fd1814dd5efdd6954537604ccc42c426b84b

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Tasks