17d36ce5350a437c264cbc5138bf16a3f0be702b851803d342bfad2d522debea

General

Target: 17d36ce5350a437c264cbc5138bf16a3f0be702b851803d342bfad2d522debea
Size: 1MB
Sample: 210927-kvsmgagbdr
Score: 10/10
MD5: d446be44cf28f59942f016a2c506de34
SHA1: 2e331df29abe48e7cc25791fb92fe81970eae03d
SHA256: 17d36ce5350a437c264cbc5138bf16a3f0be702b851803d342bfad2d522debea
SHA512: e49c8f8e1aa53e749e0a2ce918916a1c0e5dc61456fa43831a6a04497e04d1c0927d50b97fc38642021713605161b914242fe234fc10f582b6d635bc52421a85

Malware Config

Extracted
Family: dridex
Botnet: 10111
C2:
  188.165.17.91:8443
  195.210.28.233:6601
rc4.plain
Signatures

  • Dridex
    Description: Dridex (known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

  • Dridex v4 dropper C2 parsing function

  • Checks installed software on the system
    Description: Looks up Uninstall key entries in the registry to enumerate software on the system.
    TTPs: Query Registry

  • Checks whether UAC is enabled
    TTPs: System Information Discovery
