a926ce002ec36ee94869a97ffe6c5ca9.exe

General
Target: a926ce002ec36ee94869a97ffe6c5ca9.exe
Size: 1MB
Sample: 210905-glxy2sfef4
Score: 10/10
MD5: a926ce002ec36ee94869a97ffe6c5ca9
SHA1: aee181b411d3115d3d848b6b958f4749a5720b50
SHA256: 2fef01ec46bc56992c5719d335add15e15b3329790b943f52df9c340a1b6b369
SHA512: 9095c9850bacc788c41d67b6a180c254d8aa6b626ac2de7a9fe46d3a8f705aedb6d95873570070ae5d96fc414b1f2d1e48de0d416285168594f8316992e1ff7e

Malware Config (extracted)
Family: dridex
Botnet: 10111
C2:
  207.154.208.93:6225
  103.92.200.13:9676
  45.80.173.80:9676
rc4.plain
rc4.plain
Signatures

  • Dridex
    Description: Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

  • Checks installed software on the system
    Description: Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
    TTPs: Query Registry

  • Checks whether UAC is enabled
    TTPs: System Information Discovery
