General

  • Target

    6055160aeae8eb4cee49f45e16498c551af5104124727e42b4b93181a7845a40

  • Size

    196KB

  • Sample

    210403-7b7vgg8yvn

  • MD5

    4c1f78d8ee48ea5913ccef09b8e48185

  • SHA1

    1e763b37d2d2d07e71b1d7f5e065d208b8f08e56

  • SHA256

    6055160aeae8eb4cee49f45e16498c551af5104124727e42b4b93181a7845a40

  • SHA512

    4384700bfa6c173fd12a6174c1522f9955fe573aa273e6bd955476935937b0bfee6cb7d9680fe62381f705da7ab0125c4f74332468b7318fc92662589ce61a64

Malware Config

Extracted

Family

dridex

Botnet

111

C2

37.247.35.132:443

50.243.30.51:6601

162.241.204.234:6516

rc4.plain
rc4.plain

Targets

    • Target

      6055160aeae8eb4cee49f45e16498c551af5104124727e42b4b93181a7845a40

    • Size

      196KB

    • MD5

      4c1f78d8ee48ea5913ccef09b8e48185

    • SHA1

      1e763b37d2d2d07e71b1d7f5e065d208b8f08e56

    • SHA256

      6055160aeae8eb4cee49f45e16498c551af5104124727e42b4b93181a7845a40

    • SHA512

      4384700bfa6c173fd12a6174c1522f9955fe573aa273e6bd955476935937b0bfee6cb7d9680fe62381f705da7ab0125c4f74332468b7318fc92662589ce61a64

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Tasks