General

  • Target

    5348aa90f4c7097ea7f53aad9ecfcd1f5847b755e535ef59f07527b273e65fe0

  • Size

    196KB

  • Sample

    210403-e9x3vzcw22

  • MD5

    418105d402929f4ebc6fbc33cc01b052

  • SHA1

    6a888162ecc8ae448782ca205e6487d11f04d2de

  • SHA256

    5348aa90f4c7097ea7f53aad9ecfcd1f5847b755e535ef59f07527b273e65fe0

  • SHA512

    7a2b3269ba7a2bedc6de776fa122ae8c2dc3fb89792e54a9605fe8538e564d7418a18df1dd6fe5079fabaebec97913b5f167f64ce0bab3803c2c53ccaa1fb08d

Malware Config

Extracted

Family

dridex

Botnet

111

C2

37.247.35.132:443

50.243.30.51:6601

162.241.204.234:6516

rc4.plain

Targets

    • Target

      5348aa90f4c7097ea7f53aad9ecfcd1f5847b755e535ef59f07527b273e65fe0

    • Size

      196KB

    • MD5

      418105d402929f4ebc6fbc33cc01b052

    • SHA1

      6a888162ecc8ae448782ca205e6487d11f04d2de

    • SHA256

      5348aa90f4c7097ea7f53aad9ecfcd1f5847b755e535ef59f07527b273e65fe0

    • SHA512

      7a2b3269ba7a2bedc6de776fa122ae8c2dc3fb89792e54a9605fe8538e564d7418a18df1dd6fe5079fabaebec97913b5f167f64ce0bab3803c2c53ccaa1fb08d

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex loader, both x86 and x64 builds, in memory.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

    • Query Registry (1) T1012

    • System Information Discovery (1) T1082
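As an added illustration (not part of the sandbox report or of the Dridex sample), the following Python turns the two registry-discovery signatures above and their ATT&CK mapping into detection logic run over constructed registry-access events. The registry paths, the pid|op|key event format and the signature-to-technique mapping (Uninstall-key enumeration to T1012, the EnableLUA check to T1082) are assumptions consistent with the report's signature descriptions and the counts in the matrix, not data taken from this report.

```python
"""Detection logic for the registry-discovery behaviour listed in this report.

Added illustration, not sandbox output: scans constructed registry-access
events (the kind a sandbox or Sysmon registry auditing records) for the
Uninstall-key enumeration and the UAC (EnableLUA) check described above,
and maps hits to the ATT&CK techniques the report tags (T1012, T1082).
"""
import re
from collections import Counter
from dataclasses import dataclass

# Assumed key paths; the 32-bit Wow6432Node view is included because an
# x86 loader on x64 Windows sees the redirected Uninstall hive.
UNINSTALL_RE = re.compile(
    r"\\SOFTWARE\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\",
    re.IGNORECASE,
)
UAC_RE = re.compile(
    r"\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA$",
    re.IGNORECASE,
)

# Assumed signature -> technique mapping (consistent with the matrix counts).
SIGNATURES = (
    (UNINSTALL_RE, "Checks installed software on the system", "T1012"),
    (UAC_RE, "Checks whether UAC is enabled", "T1082"),
)


@dataclass(frozen=True)
class Hit:
    pid: int
    signature: str
    technique: str
    key: str


# Constructed sample events in an assumed "pid|operation|key" format.
SAMPLE_EVENTS = """\
4120|RegOpenKey|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip
4120|RegQueryValue|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip\\DisplayName
4120|RegOpenKey|HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Google Chrome
4120|RegQueryValue|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA
988|RegQueryValue|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\Desktop
"""


def parse_event(line):
    """Split one event line into (pid, operation, key); key may contain '|'."""
    pid, op, key = line.split("|", 2)
    return int(pid), op, key


def classify(key):
    """Return (signature name, technique id) for a key, or None if benign."""
    for pattern, name, technique in SIGNATURES:
        if pattern.search(key):
            return name, technique
    return None


def detect(log_text):
    """Run every signature over the event log and return the matching hits."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        pid, _op, key = parse_event(line)
        match = classify(key)
        if match is not None:
            hits.append(Hit(pid, match[0], match[1], key))
    return hits


def attck_summary(hits):
    """Count techniques the way the report's matrix does: once per triggered signature,
    however many individual registry accesses that signature matched."""
    triggered = {(h.signature, h.technique) for h in hits}
    return dict(Counter(technique for _name, technique in triggered))


if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for hit in found:
        print(f"pid {hit.pid}: {hit.signature} [{hit.technique}] <- {hit.key}")
    print("ATT&CK summary:", attck_summary(found))
```

Counting per signature rather than per event is what keeps the summary stable: one Uninstall enumeration touches dozens of subkeys, but it is still a single "Checks installed software" finding, which is why the matrix above shows a count of 1 for each technique.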

Tasks