General

  • Target

    ig8aq.bin.zip

  • Size

    235KB

  • Sample

    210427-jqpr1r3166

  • MD5

    c52be30fd9f937a4a3ffe522403884a9

  • SHA1

    78d1d205beff98912bbec15150be98a6737b33d1

  • SHA256

    521f7111ad2ca7351acb3c7517801452acdbdbd17d998c75c930f3fe79c04de9

  • SHA512

    255c6dfa0db0d6766de0ff4600cf7d2a69b41169e0cbdc92b2bd12725d6f6d7e2026d3002bf3bc0c27eb270f18278726d0eeaa27d4d2eb1a0caff971955fd520

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

210.65.244.187:443

1.234.2.232:6601

rc4.plain
rc4.plain

Targets

    • Target

      ig8aq.bin

    • Size

      1MB

    • MD5

      7c4ea65f780e48dbd15eda1a79f88a3a

    • SHA1

      c30c4e608e2a2c1d8135f065fc1749acf15a28c3

    • SHA256

      28fc793813f9a7430adbfe18aaac88eb121561548ad7f1133ae81ef016dc070f

    • SHA512

      40e3c9ef68087a6baa27397c35dffa985d940f0264cb453c2ab7b5aea7771300401ee37e42afec7885276da656672a072ae11ef7996491159bb6e641614a0391

    • Dridex

      Dridex (known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex x86 and x64 loader in memory.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 1

Tasks