General

  • Target

    6e1f7390466479422f84acdcaa84a33da65ec60d8e8e64d588404e9ec85d38dd

  • Size

    196KB

  • Sample

    210305-gl4h2ca6a6

  • MD5

    a911db267857a504e53afc4bd6f7815e

  • SHA1

    2ef7d72436383ed1fdb4c7a7f58dadb34235fb2a

  • SHA256

    6e1f7390466479422f84acdcaa84a33da65ec60d8e8e64d588404e9ec85d38dd

  • SHA512

    e0b7c4f1b4efa16360feb117a5139a1e68271d4abe1ca442ea57c9746bea8e9ee25981a56fce425d13b1dec9a0cda59927b71bbb656cae60252d719fcb5be9f4

Malware Config

Extracted

Family

dridex

Botnet

111

C2

37.247.35.132:443

50.243.30.51:6601

162.241.204.234:6516

rc4.plain
rc4.plain

Targets

    • Target

      6e1f7390466479422f84acdcaa84a33da65ec60d8e8e64d588404e9ec85d38dd

    • Size

      196KB

    • MD5

      a911db267857a504e53afc4bd6f7815e

    • SHA1

      2ef7d72436383ed1fdb4c7a7f58dadb34235fb2a

    • SHA256

      6e1f7390466479422f84acdcaa84a33da65ec60d8e8e64d588404e9ec85d38dd

    • SHA512

      e0b7c4f1b4efa16360feb117a5139a1e68271d4abe1ca442ea57c9746bea8e9ee25981a56fce425d13b1dec9a0cda59927b71bbb656cae60252d719fcb5be9f4

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Tasks