fc123e475bd0c2dc00c470651ed35e56098a164c8a011d1387067019512e9b6d

General

Target: fc123e475bd0c2dc00c470651ed35e56098a164c8a011d1387067019512e9b6d
Sample: 210305-pt3rc2pw52
Size: 196KB
Score: 10/10

MD5: 7e29411fb147a05d8b6c9c3e983b263b
SHA1: 799506a393a9907a6aa1ddc66ff41eaba2d902e5
SHA256: fc123e475bd0c2dc00c470651ed35e56098a164c8a011d1387067019512e9b6d
SHA512: 2a4aecd0c1fb7fc9ebed7ee2fda25c30a085b568216bff43fd93590d32c737749710e53a7c4824408c8333b81f3dac2e0fc781b7b77ca3ae41c9292c213792e3

Malware Config

Extracted

Family: dridex
Botnet: 111
C2:
  37.247.35.132:443
  50.243.30.51:6601
  162.241.204.234:6516
Keys: rc4.plain (listed twice in the extracted config)
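Two checks a responder would run against a report like this, as an added example (not part of the sandbox report or of any tooling the page describes): confirm that a file on disk really is the reported sample by recomputing all four published digests, and turn the extracted C2 list into exact (ip, port) indicators before sweeping flow records for contact with them. The flow-record format and the sample flows are constructed for this example; the `sample.bin` path is an assumption.

```python
"""Added example: verify a local file against the report's hashes and sweep
constructed flow records for the extracted Dridex (botnet 111) C2 endpoints."""
import hashlib
import ipaddress
import os
from typing import Dict, Iterable, List, Tuple

# Digests exactly as published in the report above.
REPORT_HASHES: Dict[str, str] = {
    "md5": "7e29411fb147a05d8b6c9c3e983b263b",
    "sha1": "799506a393a9907a6aa1ddc66ff41eaba2d902e5",
    "sha256": "fc123e475bd0c2dc00c470651ed35e56098a164c8a011d1387067019512e9b6d",
    "sha512": "2a4aecd0c1fb7fc9ebed7ee2fda25c30a085b568216bff43fd93590d32c737749710e53a7c4824408c8333b81f3dac2e0fc781b7b77ca3ae41c9292c213792e3",
}

# C2 endpoints exactly as extracted in the report's config.
REPORT_C2: List[str] = [
    "37.247.35.132:443",
    "50.243.30.51:6601",
    "162.241.204.234:6516",
]


def digest_all(data: bytes) -> Dict[str, str]:
    """Compute every digest the report publishes, keyed by algorithm name."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if all four digests agree; one mismatch is enough to reject."""
    return digest_all(data) == REPORT_HASHES


def parse_c2(entries: Iterable[str]) -> List[Tuple[str, int]]:
    """Validate 'ip:port' strings from the config. Malformed entries raise
    rather than silently becoming a useless or over-broad indicator."""
    out: List[Tuple[str, int]] = []
    for entry in entries:
        host, sep, port = entry.rpartition(":")
        if not sep:
            raise ValueError(f"missing port in {entry!r}")
        ipaddress.ip_address(host)  # raises ValueError on non-IP text
        port_num = int(port)
        if not 0 < port_num < 65536:
            raise ValueError(f"bad port in {entry!r}")
        out.append((host, port_num))
    return out


def sweep_flows(flow_lines: Iterable[str], c2: List[Tuple[str, int]]) -> List[str]:
    """Return the flow records whose destination is a listed C2 endpoint.
    Record format (assumed, constructed for this example):
    '<timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port>'.
    Matching the exact ip:port pair avoids flagging unrelated traffic to a
    host that happens to share an address with a C2."""
    wanted = set(c2)
    hits: List[str] = []
    for line in flow_lines:
        parts = line.split()
        if len(parts) != 4 or parts[2] != "->":
            continue  # not a flow record in the assumed format
        dst_ip, _, dst_port = parts[3].rpartition(":")
        if dst_port.isdigit() and (dst_ip, int(dst_port)) in wanted:
            hits.append(line)
    return hits


# Constructed flow records: the two middle lines contact C2s from the report,
# the first goes elsewhere, the last hits a C2 host on a non-listed port.
SAMPLE_FLOWS: List[str] = [
    "2021-03-05T10:01:02Z 10.0.0.15:49811 -> 203.0.113.5:443",
    "2021-03-05T10:01:09Z 10.0.0.15:49812 -> 37.247.35.132:443",
    "2021-03-05T10:01:11Z 10.0.0.15:49813 -> 50.243.30.51:6601",
    "2021-03-05T10:01:30Z 10.0.0.15:49814 -> 50.243.30.51:80",
]

if __name__ == "__main__":
    for hit in sweep_flows(SAMPLE_FLOWS, parse_c2(REPORT_C2)):
        print("C2 contact:", hit)
    if os.path.exists("sample.bin"):  # assumed path of a file to verify
        with open("sample.bin", "rb") as fh:
            print("is reported sample:", matches_report(fh.read()))
```

Note that the first C2 sits on 443: a flow to that pair only proves the connection was attempted, not that TLS was negotiated, and on a proxied network the destination seen at the edge will be the proxy, so sweep proxy logs as well as flow records.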
Targets
Signatures

  • Dridex

    Description: Dridex (also known as Bugat/Cridex) is malware that specializes in stealing banking credentials.

  • Dridex Loader

    Description: Detects the Dridex loader (x86 and x64) in memory.

  • Blocklisted process makes network request

  • Checks installed software on the system

    Description: Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    TTPs: Query Registry (T1012)

  • Checks whether UAC is enabled

    TTPs: System Information Discovery (T1082)
MITRE ATT&CK Matrix

Techniques mapped from the signatures above: Query Registry (T1012) and System Information Discovery (T1082), both under the Discovery tactic.