General

  • Target

    50df8be8a37f5f41e2ff36a747dd5e372b400444673d8359fc64a48786526624

  • Size

    1.3MB

  • Sample

    210412-36dtrt89hs

  • MD5

    a5a2a0ac915966ab32b9e9f695126a52

  • SHA1

    869854919007c3f0c2774510996c49fc826701c2

  • SHA256

    50df8be8a37f5f41e2ff36a747dd5e372b400444673d8359fc64a48786526624

  • SHA512

    5d4f713a57fbe48d4580269c4580c3d4d5c1c3ea03365b0452d4fdc2b89e26c719e7bd982d9a98358079e18524e18946694489717540566882088591429739ad

Malware Config

Extracted

  • Family

    dridex

  • Botnet

    10111

  • C2

    131.100.24.231:443

    188.165.17.91:8443

    185.148.169.10:2303

  • rc4.plain
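The three C2 endpoints above are the most actionable part of the extracted config. As an added example (this is not part of the sandbox report), the following Python turns them into a hunt over connection logs and a set of Suricata rules. The log lines are constructed to resemble Zeek conn.log records; the field order, the rule sid range and the message text are assumptions of this example. An IP-and-port match is reported as high confidence; an IP-only match is kept as a separate, lower-confidence hit rather than dropped, since a C2 host may answer on more ports than the one in this config.

```python
"""Hunt for the extracted Dridex C2 endpoints in connection logs.

Added example, not part of the sandbox report.  SAMPLE_CONN_LOG is constructed
to look like Zeek conn.log records (tab-separated ts, uid, id.orig_h,
id.orig_p, id.resp_h, id.resp_p, proto); that field order is an assumption.
"""
from dataclasses import dataclass

# C2 endpoints exactly as listed in the extracted config (botnet 10111).
DRIDEX_C2 = [
    "131.100.24.231:443",
    "188.165.17.91:8443",
    "185.148.169.10:2303",
]

# Constructed sample: one ip+port hit, one ip-only hit, one unrelated flow.
SAMPLE_CONN_LOG = """\
1618224000.123\tC1a2b3\t10.0.0.15\t49152\t131.100.24.231\t443\ttcp
1618224001.456\tC4d5e6\t10.0.0.15\t49153\t188.165.17.91\t443\ttcp
1618224002.789\tC7f8g9\t10.0.0.22\t49154\t93.184.216.34\t443\ttcp
"""


@dataclass(frozen=True)
class Hit:
    src: str
    dst: str
    dport: int
    confidence: str  # "high" = ip and port match, "medium" = ip only


def parse_c2(entries):
    """Split 'ip:port' strings into ({(ip, port)}, {ip})."""
    pairs = set()
    for entry in entries:
        ip, _, port = entry.rpartition(":")
        pairs.add((ip, int(port)))
    return pairs, {ip for ip, _ in pairs}


def hunt(log_text, c2_entries=DRIDEX_C2):
    """Return Hit records for every flow whose destination is a known C2."""
    pairs, ips = parse_c2(c2_entries)
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue  # malformed record; skip rather than guess
        src, dst, dport = fields[2], fields[4], int(fields[5])
        if (dst, dport) in pairs:
            hits.append(Hit(src, dst, dport, "high"))
        elif dst in ips:
            # Same host, different port: still worth triage, lower confidence.
            hits.append(Hit(src, dst, dport, "medium"))
    return hits


def suricata_rules(c2_entries=DRIDEX_C2, base_sid=9000000):
    """One outbound rule per C2 endpoint.  base_sid is an assumed local range."""
    rules = []
    for i, (ip, port) in enumerate(sorted(parse_c2(c2_entries)[0])):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"Dridex botnet 10111 C2 {ip}:{port}"; '
            f'flow:to_server; sid:{base_sid + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    for hit in hunt(SAMPLE_CONN_LOG):
        print(hit)
    print("\n".join(suricata_rules()))
```

Run it against a real conn.log by passing the file contents to `hunt()`; the medium-confidence hits are the ones to review by hand before blocking, the high-confidence ones can go straight to the rule set.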

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex loader (x86 and x64 builds) in memory.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate software installed on the system.

    • Checks whether UAC is enabled
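The last two signatures are registry-discovery checks over the sandbox's API trace. As an added example (not the sandbox's own signature code), the Python below matches the same two behaviours over a trace. The trace format ("api|key|value", one call per line) and the records are constructed for this example. The report names the Uninstall key; keying the UAC check on a read of EnableLUA under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System is this example's assumption (that value is where Windows stores the UAC setting). The example also adds a threshold the report does not mention: a single Uninstall lookup is routine installer behaviour, so only walking the key or opening several per-product subkeys is treated as enumeration.

```python
"""Match the report's two registry-discovery signatures over an API trace.

Added example, not the sandbox's signature code.  Trace format and records
are constructed; the EnableLUA lookup as the UAC check is an assumption.
"""
import re
from collections import defaultdict

# Key paths.  The Uninstall path is the one the report names; the UAC policy
# key is this example's assumption for "Checks whether UAC is enabled".
UNINSTALL_ROOT = re.compile(
    r"^HK(?:LM|CU)\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall$",
    re.IGNORECASE)
UNINSTALL_SUBKEY = re.compile(
    r"^HK(?:LM|CU)\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\[^\\]+",
    re.IGNORECASE)
UAC_POLICY_KEY = re.compile(
    r"^HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System$",
    re.IGNORECASE)

SIG_SOFTWARE = "Checks installed software on the system"
SIG_UAC = "Checks whether UAC is enabled"

# Constructed sandbox-style trace: "api|key|value", one registry call per line.
SAMPLE_TRACE = r"""
RegOpenKeyExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall|
RegEnumKeyExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall|
RegOpenKeyExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip|
RegQueryValueExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip|DisplayName
RegOpenKeyExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++|
RegQueryValueExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++|DisplayName
RegOpenKeyExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|
RegQueryValueExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA
RegOpenKeyExW|HKCU\Software\Microsoft\Windows\CurrentVersion\Run|
"""


def parse_trace(text):
    """Yield (api, key, value) tuples; a missing value becomes ''."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        api, key, value = (line.split("|", 2) + ["", ""])[:3]
        events.append((api, key, value))
    return events


def match_signatures(trace_text, min_subkeys=2):
    """Return {signature name: [evidence keys]} for the trace."""
    hits = defaultdict(list)
    enumerated_root = False
    subkeys = set()
    for api, key, value in parse_trace(trace_text):
        if UNINSTALL_ROOT.match(key) and api.startswith("RegEnumKey"):
            enumerated_root = True          # walking the per-product subkeys
        elif UNINSTALL_SUBKEY.match(key):
            subkeys.add(key)                # one product entry opened
        elif (UAC_POLICY_KEY.match(key) and api.startswith("RegQueryValue")
              and value.lower() == "enablelua"):
            hits[SIG_UAC].append(f"{key}\\{value}")
    # A single Uninstall lookup is routine; flag only real enumeration.
    if enumerated_root or len(subkeys) >= min_subkeys:
        hits[SIG_SOFTWARE] = sorted(subkeys) or ["<Uninstall key enumerated>"]
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in match_signatures(SAMPLE_TRACE).items():
        print(name)
        for item in evidence:
            print("   ", item)
```

Both checks are ordinary discovery behaviour on their own, which is why the report lists them as plain signatures rather than as a verdict; the loader detection in memory is what ties them to Dridex.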

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 1

Tasks