General

  • Target

    fc123e475bd0c2dc00c470651ed35e56098a164c8a011d1387067019512e9b6d

  • Size

    196KB

  • Sample

    210305-df799wnx4s

  • MD5

    7e29411fb147a05d8b6c9c3e983b263b

  • SHA1

    799506a393a9907a6aa1ddc66ff41eaba2d902e5

  • SHA256

    fc123e475bd0c2dc00c470651ed35e56098a164c8a011d1387067019512e9b6d

  • SHA512

    2a4aecd0c1fb7fc9ebed7ee2fda25c30a085b568216bff43fd93590d32c737749710e53a7c4824408c8333b81f3dac2e0fc781b7b77ca3ae41c9292c213792e3

Malware Config

Extracted

Family

dridex

Botnet

111

C2

37.247.35.132:443

50.243.30.51:6601

162.241.204.234:6516

rc4.plain
rc4.plain

Targets

    • Target

      fc123e475bd0c2dc00c470651ed35e56098a164c8a011d1387067019512e9b6d

    • Size

      196KB

    • MD5

      7e29411fb147a05d8b6c9c3e983b263b

    • SHA1

      799506a393a9907a6aa1ddc66ff41eaba2d902e5

    • SHA256

      fc123e475bd0c2dc00c470651ed35e56098a164c8a011d1387067019512e9b6d

    • SHA512

      2a4aecd0c1fb7fc9ebed7ee2fda25c30a085b568216bff43fd93590d32c737749710e53a7c4824408c8333b81f3dac2e0fc781b7b77ca3ae41c9292c213792e3

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex loader, both x86 and x64 builds, in memory.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled
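
The extracted config and the behavioural signatures above are only useful once they are turned into something that can be matched against telemetry. The following is an added example, not part of the sandbox report and not code from the sandbox vendor: it takes the C2 endpoints and hashes listed on this page as IOCs and runs them over constructed (invented) proxy log lines and registry-access events in a hypothetical Sysmon-style field layout. The process names, hosts, timestamps and log format are assumptions; only the IPs, ports and hashes come from the report. It also shows the practical caveat that the config gives exact ip:port pairs, so an IP-only match is a deliberate, looser choice.

```python
import hashlib
import re
from collections import defaultdict

# IOCs copied from the sandbox report above (family dridex, botnet 111).
C2_ENDPOINTS = {
    ("37.247.35.132", 443),
    ("50.243.30.51", 6601),
    ("162.241.204.234", 6516),
}
SAMPLE_HASHES = {
    "md5": "7e29411fb147a05d8b6c9c3e983b263b",
    "sha1": "799506a393a9907a6aa1ddc66ff41eaba2d902e5",
    "sha256": "fc123e475bd0c2dc00c470651ed35e56098a164c8a011d1387067019512e9b6d",
}

# Constructed proxy log lines in a hypothetical "host= proc= dst=ip:port" format.
# Hosts, process names and the non-C2 destination are invented for the example.
CONSTRUCTED_NETWORK_LOG = """\
2021-03-05T09:12:01Z host=WS01 proc=explorer.exe dst=37.247.35.132:443 bytes=1532
2021-03-05T09:12:05Z host=WS01 proc=chrome.exe dst=142.250.74.78:443 bytes=83921
2021-03-05T09:13:44Z host=WS07 proc=rundll32.exe dst=162.241.204.234:6516 bytes=402
2021-03-05T09:14:10Z host=WS07 proc=svchost.exe dst=50.243.30.51:80 bytes=12
"""

# Constructed registry-read events (Sysmon-style fields, hypothetical layout).
CONSTRUCTED_REGISTRY_EVENTS = [
    {"host": "WS07", "proc": "rundll32.exe",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}"},
    {"host": "WS07", "proc": "rundll32.exe",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"},
    {"host": "WS07", "proc": "rundll32.exe",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"},
    {"host": "WS01", "proc": "msiexec.exe",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
]

LINE_RE = re.compile(
    r"host=(?P<host>\S+)\s+proc=(?P<proc>\S+)\s+dst=(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
)
UNINSTALL_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
UAC_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"


def match_c2(log_text, ip_only=False):
    """Return (host, proc, ip, port) for log lines whose destination is a listed C2.

    The extracted config gives exact ip:port pairs, so the default match is exact.
    ip_only=True also flags the same IPs on other ports (the 50.243.30.51:80 line);
    that is a looser rule and should be a conscious choice, not the default.
    """
    c2_ips = {ip for ip, _ in C2_ENDPOINTS}
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        ip, port = m["ip"], int(m["port"])
        if (ip, port) in C2_ENDPOINTS or (ip_only and ip in c2_ips):
            hits.append((m["host"], m["proc"], ip, port))
    return hits


def software_enumeration(events, min_subkeys=2):
    """Flag (host, proc) pairs that read several distinct Uninstall subkeys.

    A single Uninstall read is normal (installers, msiexec); a process walking
    many entries matches the 'Checks installed software' signature. The result
    also records whether the same process read EnableLUA (the UAC check).
    """
    subkeys = defaultdict(set)
    uac_read = defaultdict(bool)
    prefix = (UNINSTALL_KEY + "\\").upper()
    for ev in events:
        who = (ev["host"], ev["proc"])
        key = ev["key"]
        if key.upper().startswith(prefix):
            subkeys[who].add(key[len(prefix):])
        if key.upper() == UAC_KEY.upper():
            uac_read[who] = True
    return {
        who: {"uninstall_subkeys": len(keys), "uac_check": uac_read[who]}
        for who, keys in subkeys.items()
        if len(keys) >= min_subkeys
    }


def hash_matches(data):
    """Return the set of algorithms under which `data` hashes to the reported sample."""
    return {
        algo for algo, digest in SAMPLE_HASHES.items()
        if hashlib.new(algo, data).hexdigest() == digest
    }


if __name__ == "__main__":
    for hit in match_c2(CONSTRUCTED_NETWORK_LOG):
        print("C2 contact:", hit)
    for who, detail in software_enumeration(CONSTRUCTED_REGISTRY_EVENTS).items():
        print("software enumeration:", who, detail)
    print("hash match on test bytes:", hash_matches(b"not the sample"))
```

The exact ip:port match keeps false positives low, which matters because the three C2 addresses are ordinary hosting ranges that may carry unrelated traffic on other ports; the Uninstall-key rule uses a distinct-subkey threshold rather than a single read so that package managers and installers are not flagged.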

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic      Technique                       Count  ID
Discovery   Query Registry                  1      T1012
Discovery   System Information Discovery    1      T1082

Tasks