General

  • Target

    1160ebaccddff549689f5a23fe1f5b8f

  • Size

    750KB

  • Sample

    211027-t27jmsffg3

  • MD5

    1160ebaccddff549689f5a23fe1f5b8f

  • SHA1

    11d658e99b552c3b5de915b2121aabec2f1797f8

  • SHA256

    0d22bc5c2660001ba4b10e2f2606985f9675f667e0a28f4b65c3cbb83114fef2

  • SHA512

    bf65a6cb1b094461fe6d9bb192461ecba47925cb4801df2394de8425c1ab2b345dd14020db4d2c051f8669b8462817a5e0c8d213a73c6766f6d06954723976c6

Malware Config

Extracted

  • Family

    dridex

  • Botnet

    10555

  • C2

    192.46.210.220:443

    143.244.140.214:808

    45.77.0.96:6891

    185.56.219.47:8116

  • rc4.plain

  • rc4.plain

Targets

    • Target

      1160ebaccddff549689f5a23fe1f5b8f

    • Size

      750KB

    • MD5

      1160ebaccddff549689f5a23fe1f5b8f

    • SHA1

      11d658e99b552c3b5de915b2121aabec2f1797f8

    • SHA256

      0d22bc5c2660001ba4b10e2f2606985f9675f667e0a28f4b65c3cbb83114fef2

    • SHA512

      bf65a6cb1b094461fe6d9bb192461ecba47925cb4801df2394de8425c1ab2b345dd14020db4d2c051f8669b8462817a5e0c8d213a73c6766f6d06954723976c6

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 1

Tasks