General

  • Target

    9f6f247a6eb4626ec657c75b37cf4887283f988f1a64e914f6447437cbbc4ba4

  • Size

    1.1MB

  • Sample

    210420-flta5b139s

  • MD5

    9d6228117a677fcc222206166e0cf34e

  • SHA1

    56e1cddea321ebbba17af9d64cdffcf443704a51

  • SHA256

    9f6f247a6eb4626ec657c75b37cf4887283f988f1a64e914f6447437cbbc4ba4

  • SHA512

    f98b1da574267a66ce7c890b6b53af0479f5aeeba0fa37515eeecb609723e062bd1722eada0f9a8f6c52b924fd8a6ea1c940cfab07debdb4e31ca88964a76452

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

146.185.170.249:443

62.75.251.60:6601

185.148.168.25:2303

rc4.plain
rc4.plain

Targets

    • Target

      9f6f247a6eb4626ec657c75b37cf4887283f988f1a64e914f6447437cbbc4ba4

    • Size

      1.1MB

    • MD5

      9d6228117a677fcc222206166e0cf34e

    • SHA1

      56e1cddea321ebbba17af9d64cdffcf443704a51

    • SHA256

      9f6f247a6eb4626ec657c75b37cf4887283f988f1a64e914f6447437cbbc4ba4

    • SHA512

      f98b1da574267a66ce7c890b6b53af0479f5aeeba0fa37515eeecb609723e062bd1722eada0f9a8f6c52b924fd8a6ea1c940cfab07debdb4e31ca88964a76452

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Tasks