General

  • Target

    0e5fe8af64b1c5ead75e629b8afd34c0

  • Size

    660KB

  • Sample

    210722-314eqs6k4a

  • MD5

    0e5fe8af64b1c5ead75e629b8afd34c0

  • SHA1

    3f37deb279e3ad45dd7c5c6a8656bbc07cd8157c

  • SHA256

    6ca95953e88828830e9cdecb6f56a1139d7678b3d2bf2c2e32c27ee01cece84e

  • SHA512

    1e5dc477905df85320e06de37900763d276f11d131d818940588f5d65116d1c5c132d56630a3ae7e13df7dc351485d1833178c0c6d154b4b96f2f0d5bc591500

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

178.238.236.59:443

104.245.52.73:5007

81.0.236.93:13786

rc4.plain

Targets

    • Target

      0e5fe8af64b1c5ead75e629b8afd34c0

    • Size

      660KB

    • MD5

      0e5fe8af64b1c5ead75e629b8afd34c0

    • SHA1

      3f37deb279e3ad45dd7c5c6a8656bbc07cd8157c

    • SHA256

      6ca95953e88828830e9cdecb6f56a1139d7678b3d2bf2c2e32c27ee01cece84e

    • SHA512

      1e5dc477905df85320e06de37900763d276f11d131d818940588f5d65116d1c5c132d56630a3ae7e13df7dc351485d1833178c0c6d154b4b96f2f0d5bc591500

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Dridex Loader

      Detects the Dridex loader, both x86 and x64, in memory.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    System Information Discovery (T1082): 3

    Query Registry (T1012): 2
