General

  • Target

    348e8514c542ee4534e8339584c5d4f1925edf30fd4317110e805ed771bdb385

  • Size

    966KB

  • Sample

    210419-p4tthgvfya

  • MD5

    98c9f60ca8a6fe5d149e8b103b254cee

  • SHA1

    c6886d5ec94c2cdde3ee73156f8c6a33446860e4

  • SHA256

    348e8514c542ee4534e8339584c5d4f1925edf30fd4317110e805ed771bdb385

  • SHA512

    e833c6e79e33d0c06a90f70f36f9ca364dfd189c4bbb3a72e85eb8f3627b8c0724d307d11a610cffff5cdfdd044acdf16f3e5acf5bf1ca43abeef56d40f20b5c

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

146.185.170.249:443

62.75.251.60:6601

185.148.168.25:2303

rc4.plain
rc4.plain

Targets

    • Target

      348e8514c542ee4534e8339584c5d4f1925edf30fd4317110e805ed771bdb385

    • Size

      966KB

    • MD5

      98c9f60ca8a6fe5d149e8b103b254cee

    • SHA1

      c6886d5ec94c2cdde3ee73156f8c6a33446860e4

    • SHA256

      348e8514c542ee4534e8339584c5d4f1925edf30fd4317110e805ed771bdb385

    • SHA512

      e833c6e79e33d0c06a90f70f36f9ca364dfd189c4bbb3a72e85eb8f3627b8c0724d307d11a610cffff5cdfdd044acdf16f3e5acf5bf1ca43abeef56d40f20b5c

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Tasks