General

  • Target

    xl5g3.bin.zip

  • Size

    295KB

  • Sample

    210527-jttv2ybtqn

  • MD5

    ef98e4e6bb8327c07fa863a2c7ec6078

  • SHA1

    f7820f5a6d0394c1ec2b0ecc5c022e9d805eeaf0

  • SHA256

    ffc728cec0977a3d9dcd021d2c826ff30166afc669d4681af8920af6994ba090

  • SHA512

    f39531ae05f6d40fa0570d293eb90c3dce42155d3fd340b2bd6a0b072453ba0b7b6cebafd012e760c876997d0c487f169a91c9e82375dcf26d6dfcf07de885de

Malware Config

Extracted

  • Family

    dridex

  • Botnet

    10111

  • C2

    185.56.219.68:13783

    137.74.164.58:4125

    88.198.65.124:2303

rc4.plain
rc4.plain

Targets

    • Target

      xl5g3.bin

    • Size

      1.2MB

    • MD5

      cb2f6d54a1f149fb2a84c094bb0f1e6d

    • SHA1

      01753d3a62b35ea990b0eb8998c5d331f36feae6

    • SHA256

      9a63bcc83539e33235f78a8628bb4a415d18b893c692531362aed57bda3af427

    • SHA512

      b8177b7ff9ee34c7197726fc89ca7dae84004d51b2d5dca0c3b6a2a3e744dbe2520a05267662d9b020718534ac3c3a14acdf043581cd8580cf36d6e05bf2b5eb

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry

    T1012 (1)

  • System Information Discovery

    T1082 (1)

Tasks