General

  • Target

    43a7af68ffc6179746706607b89fc996

  • Size

    750KB

  • Sample

    211027-t27jmsffg2

  • MD5

    43a7af68ffc6179746706607b89fc996

  • SHA1

    706cef2b7cd473da26b35306dd3e5533741d603e

  • SHA256

    49c48ee0386bb21cfc39effe5a7e6f06398921ffda0f65864d66ae883808731c

  • SHA512

    83c1e5ab86aab3ad5f1d9b76ae382f675a41138ce2b8e5277461c751d333fb3dca01d371411506ebd1aed1ff6e97861ab85aa487f1efca511223392bd6cfe632

Malware Config

Extracted

Family

dridex

Botnet

10555

C2

192.46.210.220:443

143.244.140.214:808

45.77.0.96:6891

185.56.219.47:8116

rc4.plain
rc4.plain

Targets

    • Target

      43a7af68ffc6179746706607b89fc996

    • Size

      750KB

    • MD5

      43a7af68ffc6179746706607b89fc996

    • SHA1

      706cef2b7cd473da26b35306dd3e5533741d603e

    • SHA256

      49c48ee0386bb21cfc39effe5a7e6f06398921ffda0f65864d66ae883808731c

    • SHA512

      83c1e5ab86aab3ad5f1d9b76ae382f675a41138ce2b8e5277461c751d333fb3dca01d371411506ebd1aed1ff6e97861ab85aa487f1efca511223392bd6cfe632

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Tasks