8230fa8e285de94d91f14bd97c437262fea073866329c6324b29de276c040e8d

General
Target

8230fa8e285de94d91f14bd97c437262fea073866329c6324b29de276c040e8d

Size

196KB

Sample

210305-greyk9ldfx

Score
10 /10
MD5

0e2d51ae06f990cb927e7fa8bfb2e3f3

SHA1

fcb4c03c752d778ac1e09f6a1f55cc92a3d632a8

SHA256

8230fa8e285de94d91f14bd97c437262fea073866329c6324b29de276c040e8d

SHA512

f5c4ecc80211a402144222c7d582dd81dffd724478e6155019a3d03fbef7fc2c0bc266f059a6cbb8ad68ca56f4e46ead05e62b465169d2d07ccb8a52756d7a6b

Malware Config

Extracted

Family dridex
Botnet 111
C2

37.247.35.132:443

50.243.30.51:6601

162.241.204.234:6516

rc4.plain
rc4.plain
Targets
Target

8230fa8e285de94d91f14bd97c437262fea073866329c6324b29de276c040e8d

MD5

0e2d51ae06f990cb927e7fa8bfb2e3f3

Filesize

196KB

Score
10 /10
SHA1

fcb4c03c752d778ac1e09f6a1f55cc92a3d632a8

SHA256

8230fa8e285de94d91f14bd97c437262fea073866329c6324b29de276c040e8d

SHA512

f5c4ecc80211a402144222c7d582dd81dffd724478e6155019a3d03fbef7fc2c0bc266f059a6cbb8ad68ca56f4e46ead05e62b465169d2d07ccb8a52756d7a6b

Tags

Signatures

  • Dridex

    Description

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    Tags

  • Dridex Loader

    Description

    Detects Dridex both x86 and x64 loader in memory.

    Tags

  • Blocklisted process makes network request

  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    Tags

    TTPs

    Query Registry
  • Checks whether UAC is enabled

    Tags

    TTPs

    System Information Discovery

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation