General
Target
Filesize
Completed
Task
5b478c97213c493e88ad38fa017db4ab.exe
1MB
04-07-2021 07:11
behavioral2
Score
10/10
MD5
SHA1
SHA256
SHA256
5b478c97213c493e88ad38fa017db4ab
219474316e41df563322149b653cb160c0d49167
fe9f82e1175d3a18ca3e0244318d2e485ed7a51b475bc366ba768af62a83d875
58e8fb42a92620a1ec67169d5214409eec3b873634a3fe0c98889ed25401ab0cc97a0bcec16d31eefc1b8706cfc9e2ecd8271c5932f0c861f1f10bd57b62d16f
Malware Config
Extracted
Family | dridex |
Botnet | 10111 |
C2 |
104.168.155.129:443 142.4.219.173:4664 176.31.117.84:9443 |
rc4.plain |
|
rc4.plain |
|
Signatures 3
Filter: none
Discovery
-
Dridex
Description
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
Tags
-
Checks installed software on the system
Description
Looks up Uninstall key entries in the registry to enumerate software on the system.
Tags
TTPs
-
Checks whether UAC is enabled5b478c97213c493e88ad38fa017db4ab.exe
Tags
TTPs
Reported IOCs
description ioc process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA 5b478c97213c493e88ad38fa017db4ab.exe
Processes 1
-
C:\Users\Admin\AppData\Local\Temp\5b478c97213c493e88ad38fa017db4ab.exe"C:\Users\Admin\AppData\Local\Temp\5b478c97213c493e88ad38fa017db4ab.exe"Checks whether UAC is enabled
Network
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Replay Monitor
00:00
00:00
Downloads
-
memory/584-115-0x0000000000400000-0x0000000000508000-memory.dmp
-
memory/584-114-0x0000000000670000-0x00000000006AC000-memory.dmp
Title
Loading data