a8fee149ef35b4ef6f905b8966802a66.exe

General
Target

a8fee149ef35b4ef6f905b8966802a66.exe

Size

899KB

Sample

210920-n91s6sgfep

Score
10 /10
MD5

a8fee149ef35b4ef6f905b8966802a66

SHA1

16dfd72d0acf534a0c402d4a6fd4a0c68117fc5b

SHA256

d3272e0e7a5ea32d4276901bcf10767f4293dd067d70393b305966e17f9e4ac9

SHA512

ef7059618e90bad8fc8aa03bc3063daf00f437110cff7b7449961dd2bc7174795d5f01568ab6550dcd9d5c24fe902797481dae86f196beafcb3f2be51dcea53d

Malware Config

Extracted

Family dridex
Botnet 10111
C2

212.39.115.102:9676

54.37.84.240:10172

156.67.220.186:6225

rc4.plain (RC4 key entries carried in the extracted config; key values are not shown in this extract)
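As an added example (not part of the sandbox report or of any Dridex tooling), the following Python turns the indicators extracted above into checks an analyst can run: it matches Zeek-style conn.log rows against the C2 ip:port pairs, compares hash telemetry to the sample hashes, and emits Suricata rules for the C2 list. The log rows, the `sid` base and the rule message text are assumptions made for illustration.

```python
"""Added example, not part of the sandbox report: turn the IOCs extracted
above into checks an analyst can run. Log rows below are constructed."""
import hashlib
import ipaddress
from dataclasses import dataclass

# C2 endpoints and hashes copied from the report (Dridex, botnet 10111).
DRIDEX_C2 = [
    ("212.39.115.102", 9676),
    ("54.37.84.240", 10172),
    ("156.67.220.186", 6225),
]
_C2_SET = frozenset(DRIDEX_C2)
DRIDEX_HASHES = {
    "md5": "a8fee149ef35b4ef6f905b8966802a66",
    "sha1": "16dfd72d0acf534a0c402d4a6fd4a0c68117fc5b",
    "sha256": "d3272e0e7a5ea32d4276901bcf10767f4293dd067d70393b305966e17f9e4ac9",
}

# Constructed Zeek-style conn.log rows: ts, uid, src, sport, dst, dport, proto.
# Row Ck3 reaches a C2 host on 443 rather than the configured port; it is
# there so the port-sensitive match below can be seen working.
SAMPLE_CONN_LOG = (
    "1632240001.1\tCk1\t10.0.0.5\t51000\t142.250.74.46\t443\ttcp\n"
    "1632240002.4\tCk2\t10.0.0.5\t51001\t212.39.115.102\t9676\ttcp\n"
    "1632240003.9\tCk3\t10.0.0.7\t51002\t54.37.84.240\t443\ttcp\n"
    "1632240004.2\tCk4\t10.0.0.9\t51003\t156.67.220.186\t6225\ttcp\n"
)


@dataclass(frozen=True)
class C2Hit:
    uid: str
    src: str
    dst: str
    dport: int


def find_c2_hits(conn_log: str, ip_only: bool = False) -> list[C2Hit]:
    """Return rows whose destination is a known C2. By default the port must
    match the extracted config; ip_only=True flags any traffic to the hosts,
    which is noisier but catches a config whose ports have been rotated."""
    hits = []
    c2_ips = {ip for ip, _ in DRIDEX_C2}
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        _ts, uid, src, _sport, dst, dport, _proto = fields[:7]
        try:
            ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue  # malformed row: skip it rather than abort the scan
        if (dst, port) in _C2_SET or (ip_only and dst in c2_ips):
            hits.append(C2Hit(uid, src, dst, port))
    return hits


def file_hashes(data: bytes) -> dict[str, str]:
    """Hash a file's bytes with the same algorithms the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def hash_ioc_matches(observed: dict[str, str]) -> set[str]:
    """Algorithms for which telemetry hashes equal the sample's (case-insensitive)."""
    return {alg for alg, h in observed.items() if DRIDEX_HASHES.get(alg) == h.strip().lower()}


def suricata_rules(sid_base: int = 9000001) -> list[str]:
    """One outbound alert rule per C2 pair. sid_base is an assumed local-range
    value; pick one that does not collide with your existing rule set."""
    rules = []
    for i, (ip, port) in enumerate(DRIDEX_C2):
        rules.append(
            f"alert tcp $HOME_NET any -> {ip} {port} "
            f'(msg:"Dridex botnet 10111 C2 {ip}:{port}"; '
            f"flow:to_server; sid:{sid_base + i}; rev:1;)"
        )
    return rules


if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_CONN_LOG):
        print(f"C2 hit uid={hit.uid} {hit.src} -> {hit.dst}:{hit.dport}")
    print(hash_ioc_matches({"sha256": DRIDEX_HASHES["sha256"].upper()}))
    print("\n".join(suricata_rules()))
```

The port-sensitive default is deliberate: Dridex configs pin a port per C2 host, so an ip:port match is a much stronger signal than the address alone, while `ip_only=True` is the looser hunt you run when you suspect the config has been updated since this sample was analysed.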
Signatures

  • Dridex

    Description

    Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing banking credentials.

  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry (typically under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node and HKCU equivalents) to enumerate the software installed on the system, which serves both victim profiling and detection of analysis tools.

    TTPs

    Query Registry (T1012)
  • Checks whether UAC is enabled

    Description

    Queries the system's UAC state (on Windows this is exposed by the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System); the report does not say which method this sample used.

    TTPs

    System Information Discovery (T1082)

MITRE ATT&CK Matrix

Tactic columns shown: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation. The only techniques flagged for this run are the two Discovery techniques listed under Signatures (Query Registry, System Information Discovery).