3d3f1272e9a4df7b1de123b9ed551860b00f5ace6d449b7f78c98ca5c7027d69

General
Target

3d3f1272e9a4df7b1de123b9ed551860b00f5ace6d449b7f78c98ca5c7027d69

Size

168KB

Sample

210305-66pcv58acs

Score
10 /10
MD5

84b5530f6f18391bcf54d2cdfc39eca4

SHA1

dfe936981c6d7076238e2ce6ba929a2e24dcbe7a

SHA256

3d3f1272e9a4df7b1de123b9ed551860b00f5ace6d449b7f78c98ca5c7027d69

SHA512

2169e3b25886d15d5965c59335b89532bfbbffbe5a3c24f5b917c83c48e3146a5f88e989ce623761c37279921419bf58306b1bbec9d7af190886f5a2d98cc28e

Malware Config

Extracted

Family dridex
Botnet 111
C2

173.203.78.138:443

217.160.107.189:6601

77.220.64.150:5037

rc4.plain
rc4.plain
Targets
Target

3d3f1272e9a4df7b1de123b9ed551860b00f5ace6d449b7f78c98ca5c7027d69

MD5

84b5530f6f18391bcf54d2cdfc39eca4

Filesize

168KB

Score
10 /10
SHA1

dfe936981c6d7076238e2ce6ba929a2e24dcbe7a

SHA256

3d3f1272e9a4df7b1de123b9ed551860b00f5ace6d449b7f78c98ca5c7027d69

SHA512

2169e3b25886d15d5965c59335b89532bfbbffbe5a3c24f5b917c83c48e3146a5f88e989ce623761c37279921419bf58306b1bbec9d7af190886f5a2d98cc28e

Tags

Signatures

  • Dridex

    Description

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    Tags

  • Dridex Loader

    Description

    Detects Dridex both x86 and x64 loader in memory.

    Tags

  • Blocklisted process makes network request

  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    Tags

    TTPs

    Query Registry
  • Checks whether UAC is enabled

    Tags

    TTPs

    System Information Discovery

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation