General

  • Target

    b2d315587d25a170d661ad957fefde6dc96f01eef19d0b0732e48b4964e78586

  • Size

    196KB

  • Sample

    210403-xmb81mxwte

  • MD5

    0f17bf38aa5fa2ca20bd9a2328a647b2

  • SHA1

    04f5d9671a33a0c4e4e76f672b794f9faac19390

  • SHA256

    b2d315587d25a170d661ad957fefde6dc96f01eef19d0b0732e48b4964e78586

  • SHA512

    090b412812ade1cf79ec2a286e9faad2408b9442f7bc62fe948c3f5131b11ac7c02b68d0357b66ecb82be26677b2c42a6d222ea1e022ad0b675ed7cc3b84ce39

Malware Config

Extracted

Family

dridex

Botnet

111

C2

37.247.35.132:443

50.243.30.51:6601

162.241.204.234:6516

rc4.plain
rc4.plain
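
The config block above is what a detection engineer actually works from: three C2 socket addresses, a botnet ID, and (under `rc4.plain`) the RC4 key the extractor used to decrypt the embedded configuration. The following is an added example, not code from the sandbox or from any Dridex tooling: it validates the C2 entries, emits one Suricata rule per endpoint, checks a file against the report's SHA-256, and shows the RC4 round trip an extractor performs once it holds the key. Only the C2 list, botnet ID and hash are taken from the report; the RC4 key, the ciphertext and the SID range are constructed for illustration.

```python
"""Added example (not from the sandbox report or any Dridex tool): turn the
extracted config into checkable artifacts.  The report labels the config key
'rc4.plain', i.e. an RC4 key; the key and blob used below are CONSTRUCTED,
only the C2 endpoints, botnet ID and SHA-256 are copied from the report."""
import hashlib
import ipaddress

# Values copied from the report.
FAMILY = "dridex"
BOTNET = "111"
C2 = ["37.247.35.132:443", "50.243.30.51:6601", "162.241.204.234:6516"]
SHA256 = "b2d315587d25a170d661ad957fefde6dc96f01eef19d0b0732e48b4964e78586"


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA).  Symmetric: the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def parse_c2(entries):
    """Validate 'ip:port' strings; reject anything that is not a public IPv4 socket address."""
    parsed = []
    for entry in entries:
        host, _, port = entry.rpartition(":")
        ip = ipaddress.ip_address(host)
        port = int(port)
        if ip.version != 4 or ip.is_private or not 0 < port < 65536:
            raise ValueError(f"unexpected C2 entry: {entry}")
        parsed.append((str(ip), port))
    return parsed


def suricata_rules(entries, base_sid=9000000):
    """One outbound rule per (ip, port) pair.  Pairing IP with port matters:
    37.247.35.132:443 could otherwise be drowned in ordinary TLS traffic.
    The SID range is an assumption; pick one your ruleset does not use."""
    rules = []
    for n, (ip, port) in enumerate(parse_c2(entries)):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"{FAMILY} botnet {BOTNET} C2 {ip}:{port}"; '
            f'flow:to_server; sid:{base_sid + n}; rev:1;)'
        )
    return rules


def matches_report(data: bytes) -> bool:
    """True if a file's SHA-256 equals the sample hash from the report."""
    return hashlib.sha256(data).hexdigest() == SHA256


def demo_config_decrypt():
    """Constructed round trip: encrypt the C2 list with a made-up RC4 key, then
    decrypt it the way an extractor does once it has recovered the key."""
    key = b"example-key-not-from-sample"   # constructed, NOT the real rc4.plain value
    blob = rc4(key, "\n".join(C2).encode())
    return rc4(key, blob).decode().split("\n")


if __name__ == "__main__":
    for rule in suricata_rules(C2):
        print(rule)
    print(demo_config_decrypt() == C2)
```

The rules alert on the exact IP and port pairs from the config; block the IPs outright only after checking they are not shared hosting, since Dridex C2 nodes are frequently compromised third-party servers.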

Targets

    • Target

      b2d315587d25a170d661ad957fefde6dc96f01eef19d0b0732e48b4964e78586

    • Size

      196KB

    • MD5

      0f17bf38aa5fa2ca20bd9a2328a647b2

    • SHA1

      04f5d9671a33a0c4e4e76f672b794f9faac19390

    • SHA256

      b2d315587d25a170d661ad957fefde6dc96f01eef19d0b0732e48b4964e78586

    • SHA512

      090b412812ade1cf79ec2a286e9faad2408b9442f7bc62fe948c3f5131b11ac7c02b68d0357b66ecb82be26677b2c42a6d222ea1e022ad0b675ed7cc3b84ce39

    • Dridex

      Dridex (also known as Bugat or Cridex) is a banking trojan that specializes in stealing online banking credentials.

    • Dridex Loader

      Detects the Dridex loader, in both its x86 and x64 builds, in memory.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled
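
The two registry signatures above are decided purely by which keys the process touches: the Uninstall tree for the installed-software check, and the EnableLUA value under Policies\System for the UAC check. The following is an added example, not the sandbox's own signature engine: a small matcher run over a constructed API trace that reproduces those two verdicts and tallies them per ATT&CK technique. The trace format and the mapping of each signature to T1012 or T1082 are assumptions; the registry paths are the real ones.

```python
"""Added example (not the sandbox's signature engine): decide the report's two
registry signatures from an API trace.  The trace lines are CONSTRUCTED in a
generic 'pid|api|key path|value name' shape; the signature-to-ATT&CK mapping
is our assumption chosen to reproduce the report's matrix (one signature each
for T1012 Query Registry and T1082 System Information Discovery)."""
import re
from collections import namedtuple

Signature = namedtuple("Signature", "name pattern value attack")

SIGNATURES = [
    Signature(
        "Checks installed software on the system",
        # Uninstall tree itself or any subkey under it (also matches WOW6432Node).
        re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I),
        None,
        ("T1012",),
    ),
    Signature(
        "Checks whether UAC is enabled",
        # Only the EnableLUA value under Policies\System, not any read of that key.
        re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Policies\\System$", re.I),
        "EnableLUA",
        ("T1082",),
    ),
]

# Constructed trace; field order pid|api|key path|value name (value may be empty).
TRACE = """\
4120|RegOpenKeyExW|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall|
4120|RegEnumKeyExW|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip|
4120|RegOpenKeyExW|HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall|
4120|RegQueryValueExW|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System|EnableLUA
4120|RegQueryValueExW|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run|
"""


def parse_trace(text):
    """Split the constructed trace into (pid, api, path, value-or-None) rows."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, api, path, value = line.split("|", 3)
        rows.append((int(pid), api, path, value or None))
    return rows


def match_signatures(rows):
    """Return {signature name: sorted pids} for every signature whose path regex
    (and value name, when the signature specifies one) matches a trace row."""
    hits = {}
    for pid, _api, path, value in rows:
        for sig in SIGNATURES:
            if sig.pattern.search(path) and (sig.value is None or sig.value == value):
                hits.setdefault(sig.name, set()).add(pid)
    return {name: sorted(pids) for name, pids in hits.items()}


def attack_summary(hits):
    """Count matched signatures per technique ID, as the report's matrix does."""
    counts = {}
    for sig in SIGNATURES:
        if sig.name in hits:
            for tid in sig.attack:
                counts[tid] = counts.get(tid, 0) + 1
    return counts


if __name__ == "__main__":
    found = match_signatures(parse_trace(TRACE))
    for name, pids in found.items():
        print(f"{name}: pids {pids}")
    print(attack_summary(found))
```

The last trace row (a read of the Run key) deliberately matches nothing: a matcher keyed on the exact value name and key suffix is what keeps these signatures from firing on every installer or update agent that walks CurrentVersion.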

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic      Technique                       Signatures  ID
  Discovery   Query Registry                  1           T1012
  Discovery   System Information Discovery    1           T1082

Tasks