General

  • Target

    ef3889c1d6626e8b8bcc04f981a5e4cad006b6b3a088f16b477b33070746bf6c

  • Size

    196KB

  • Sample

    210403-wz4pf41a9s

  • MD5

    62098a4f3834aee27f4e837aac4e5268

  • SHA1

    9d234884167cf7d64cf5ecf757d73487ed15ff0e

  • SHA256

    ef3889c1d6626e8b8bcc04f981a5e4cad006b6b3a088f16b477b33070746bf6c

  • SHA512

    a7e4cea1879d72a20ee3af93330767e6ff84776d16a39a47a1239c6ab4990a9981fdd919b45062db101ec6ac78848ac40a0f2fb278c77f8f2b60092004cd9e2c

Malware Config

Extracted

Family

dridex

Botnet

111

C2

37.247.35.132:443

50.243.30.51:6601

162.241.204.234:6516

rc4.plain

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing banking credentials.

    • Dridex Loader

      Detects both the x86 and x64 Dridex loader in memory.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    • Query Registry (T1012): 1

    • System Information Discovery (T1082): 1

Tasks