General

  • Target

    eae537de7f5de3a3f3eb0b5021c78cc2e951186bf8411d045eab1ac9c6cc62f8

  • Size

    1.1MB

  • Sample

    210420-ea4e4l2st6

  • MD5

    e6b7ec0dd1cd7b8f7c08ec2d4d369d8d

  • SHA1

    6da00a5ce8acc27e9fef642c932153dc8f152f6b

  • SHA256

    eae537de7f5de3a3f3eb0b5021c78cc2e951186bf8411d045eab1ac9c6cc62f8

  • SHA512

    4a44fb582fff394d0bc6039aa392fa7164d47f8e2720f3214f4258c048715fe7ef64b0d9f35eb9ca1e8e29ab4698d0a1b1ab621dcd96cf6d00830a93a80ae623

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

146.185.170.249:443

62.75.251.60:6601

185.148.168.25:2303

rc4.plain
rc4.plain

Targets

    • Target

      eae537de7f5de3a3f3eb0b5021c78cc2e951186bf8411d045eab1ac9c6cc62f8

    • Size

      1.1MB

    • MD5

      e6b7ec0dd1cd7b8f7c08ec2d4d369d8d

    • SHA1

      6da00a5ce8acc27e9fef642c932153dc8f152f6b

    • SHA256

      eae537de7f5de3a3f3eb0b5021c78cc2e951186bf8411d045eab1ac9c6cc62f8

    • SHA512

      4a44fb582fff394d0bc6039aa392fa7164d47f8e2720f3214f4258c048715fe7ef64b0d9f35eb9ca1e8e29ab4698d0a1b1ab621dcd96cf6d00830a93a80ae623

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Tasks