General

  • Target

    ef74ea831d788c055bf7b124d77f5070da4e950cb86a922e3ac4008cfaa8e707

  • Size

    196KB

  • Sample

    210403-2z78amyh5e

  • MD5

    130565d23dd71ba89e697c7ecc6725a4

  • SHA1

    44a5b9bd927e8d6640b940dbeedc39dd0661147a

  • SHA256

    ef74ea831d788c055bf7b124d77f5070da4e950cb86a922e3ac4008cfaa8e707

  • SHA512

    88b603ce938c39516c8d3299173e3c78160aa17e3e4c3c330e08bc3392509078d7e049860885300134b0866a07d52020be3768cc711eab36e3f15d6dae4cba79

Malware Config

Extracted

Family

dridex

Botnet

111

C2

37.247.35.132:443

50.243.30.51:6601

162.241.204.234:6516

rc4.plain
rc4.plain

Targets

    • Target

      ef74ea831d788c055bf7b124d77f5070da4e950cb86a922e3ac4008cfaa8e707

    • Size

      196KB

    • MD5

      130565d23dd71ba89e697c7ecc6725a4

    • SHA1

      44a5b9bd927e8d6640b940dbeedc39dd0661147a

    • SHA256

      ef74ea831d788c055bf7b124d77f5070da4e950cb86a922e3ac4008cfaa8e707

    • SHA512

      88b603ce938c39516c8d3299173e3c78160aa17e3e4c3c330e08bc3392509078d7e049860885300134b0866a07d52020be3768cc711eab36e3f15d6dae4cba79

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Tasks