General

  • Target: qCurrencyTrailingZeros.bin
  • Size: 173KB
  • Sample: 210727-gp211e8mdn
  • MD5: 71571c1702739aa58db4c5ac426c9817
  • SHA1: 24b25a50153f98d95c81e6a49648b778891caf35
  • SHA256: 828d60f696d4ee8c80b6a17a3b2462a744d87297b8016488ef67dc20ca86a5be
  • SHA512: ded731b963949fcb69c19333acad21e87540561e1c06ba2499a68355d64c87f0bcba5b4dc10ca1f212e8578b677480c2f1443984b2bee8fd31e505055d624b47

Malware Config

Extracted

  • Family: dridex
  • Botnet: 22202
  • C2:
      45.79.33.48:443
      139.162.202.74:5007
      68.183.216.174:7443
  • rc4.plain
  • rc4.plain

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex loader, both x86 and x64, in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery: System Information Discovery (T1082), 1 signature
