General

  • Target

    6ac95779dc09b848d9c5bcc13cc2a00f

  • Size

    750KB

  • Sample

    211027-t2yxhafff5

  • MD5

    6ac95779dc09b848d9c5bcc13cc2a00f

  • SHA1

    95f43ca4043d812aa7e50e3c6a88a2fcb76f07e1

  • SHA256

    ae458812cc8e0d27439d6d06df8648e653d015669486e547394e339219a686e2

  • SHA512

    b0da49cfc69708660251456aa4d7da57c86cb6b3b7536d8cd12d4ffccd40fc7288e0ef116b7fbd5f2fe16ce09cee156a116bff6b9fe1a89ce56537f9bd3519d1

Malware Config

Extracted

Family

dridex

Botnet

10555

C2

192.46.210.220:443

143.244.140.214:808

45.77.0.96:6891

185.56.219.47:8116

rc4.plain
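The extracted configuration above is the actionable part of this report: four C2 endpoints, each on a fixed port, plus the botnet ID. The following is an added example (not part of the sandbox report) that turns those values into something a responder can run. It validates the C2 list, scans constructed firewall log lines in an assumed "timestamp src dst:port action" layout for contact with the listed endpoints, and emits one Suricata alert rule per endpoint. The log format, the flag on IP-only matching and the SID range are assumptions made for the example; the C2 list and botnet ID are the values shown on this page.

```python
"""IOC matching for the Dridex config extracted on this page (added example)."""
import ipaddress
import re
from typing import Iterable, List, Set, Tuple

# Values as extracted on this page.
EXTRACTED_CONFIG = {
    "family": "dridex",
    "botnet": "10555",
    "c2": [
        "192.46.210.220:443",
        "143.244.140.214:808",
        "45.77.0.96:6891",
        "185.56.219.47:8116",
    ],
}

Endpoint = Tuple[str, int]


def parse_c2_endpoints(entries: Iterable[str]) -> Set[Endpoint]:
    """Turn 'ip:port' strings into validated (ip, port) tuples."""
    endpoints: Set[Endpoint] = set()
    for entry in entries:
        host, sep, port = entry.rpartition(":")
        if not sep:
            raise ValueError(f"missing port in C2 entry: {entry!r}")
        ip = ipaddress.ip_address(host)  # rejects malformed addresses
        port_num = int(port)
        if not 0 < port_num < 65536:
            raise ValueError(f"bad port in C2 entry: {entry!r}")
        endpoints.add((str(ip), port_num))
    return endpoints


# Constructed firewall log lines in an assumed "ts src dst:port action" layout.
# The last line is deliberately malformed so the parser's skip path is exercised.
SAMPLE_LOG = """\
2021-10-27T14:02:11Z 10.0.0.23 192.46.210.220:443 ALLOW
2021-10-27T14:02:12Z 10.0.0.23 142.250.74.78:443 ALLOW
2021-10-27T14:02:40Z 10.0.0.23 45.77.0.96:6891 ALLOW
2021-10-27T14:03:01Z 10.0.0.41 185.56.219.47:80 ALLOW
malformed line that the parser must skip
"""

LOG_LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+):(\d+)\s+(\S+)$")


def find_c2_hits(log_text: str, c2: Set[Endpoint],
                 ip_only: bool = False) -> List[Tuple[str, str, str, int]]:
    """Return (ts, src, dst, port) for every line whose destination is a C2.

    With ip_only=True the port is ignored. That catches an operator moving a
    C2 to a new port, but it will also flag unrelated traffic to a shared host,
    so the strict ip:port match is the default.
    """
    c2_ips = {ip for ip, _ in c2}
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # not in the assumed layout; skip rather than crash
        ts, src, dst, port, _action = m.groups()
        port_num = int(port)
        if (dst, port_num) in c2 or (ip_only and dst in c2_ips):
            hits.append((ts, src, dst, port_num))
    return hits


def suricata_rules(c2: Set[Endpoint], family: str, botnet: str,
                   base_sid: int = 1000000) -> List[str]:
    """One alert rule per C2 endpoint. SIDs from 1000000 are an assumed local range."""
    rules = []
    for i, (ip, port) in enumerate(sorted(c2)):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"{family} botnet {botnet} C2 {ip}:{port}"; '
            f'flow:to_server; sid:{base_sid + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    c2 = parse_c2_endpoints(EXTRACTED_CONFIG["c2"])
    for hit in find_c2_hits(SAMPLE_LOG, c2):
        print("C2 contact:", hit)
    for hit in find_c2_hits(SAMPLE_LOG, c2, ip_only=True):
        print("C2 IP on any port:", hit)
    print("\n".join(suricata_rules(c2, EXTRACTED_CONFIG["family"],
                                   EXTRACTED_CONFIG["botnet"])))
```

The strict match deliberately ignores the fourth sample line (185.56.219.47 on port 80 rather than the configured 8116); the ip_only mode picks it up. Note that one of the C2s listens on 443 and the others on non-standard ports, so port-based allow-listing alone will not separate this traffic from ordinary HTTPS.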

Targets

    • Target

      6ac95779dc09b848d9c5bcc13cc2a00f

    • Size

      750KB

    • MD5

      6ac95779dc09b848d9c5bcc13cc2a00f

    • SHA1

      95f43ca4043d812aa7e50e3c6a88a2fcb76f07e1

    • SHA256

      ae458812cc8e0d27439d6d06df8648e653d015669486e547394e339219a686e2

    • SHA512

      b0da49cfc69708660251456aa4d7da57c86cb6b3b7536d8cd12d4ffccd40fc7288e0ef116b7fbd5f2fe16ce09cee156a116bff6b9fe1a89ce56537f9bd3519d1

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing bank credentials.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up the Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate the software installed on the system.

    • Checks whether UAC is enabled
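The two registry behaviours above (walking the Uninstall key, reading the UAC setting) are what the sandbox saw, but the same reads are common in legitimate software, so a triage script needs a threshold rather than a single-event match. The following is an added example, not part of the sandbox report, that classifies Procmon-style registry events. The event lines are constructed; the column layout follows Procmon's CSV export, the process names and PIDs are invented, and the enumeration threshold is an assumption for the example. The UAC setting lives in the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.

```python
"""Classify Uninstall-key enumeration and UAC checks from Procmon-style CSV (added example)."""
import csv
import io
from collections import defaultdict
from typing import Dict, List

# Registry locations a sample walks to list installed software and to read the UAC state.
UNINSTALL_KEYS = (
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
)
UAC_VALUE = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"

INSTALLED_SOFTWARE = "Checks installed software on the system"
UAC_CHECK = "Checks whether UAC is enabled"

# Constructed events (assumed process names and PIDs) in Procmon's CSV export layout.
# sample.exe walks the Uninstall key and reads EnableLUA; explorer.exe does a single
# DisplayName lookup, which is normal and must not be flagged at the default threshold.
SAMPLE_EVENTS = r'''
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"2:02:10.1234567 PM","sample.exe","4120","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Desired Access: Read"
"2:02:10.1234570 PM","sample.exe","4120","RegEnumKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Index: 0, Name: 7-Zip"
"2:02:10.1234580 PM","sample.exe","4120","RegEnumKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Index: 1, Name: Notepad++"
"2:02:10.1234590 PM","sample.exe","4120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName","SUCCESS","Type: REG_SZ, Length: 22, Data: 7-Zip 19.00"
"2:02:11.0000000 PM","sample.exe","4120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"2:02:12.0000000 PM","explorer.exe","1840","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName","SUCCESS","Type: REG_SZ, Length: 22, Data: 7-Zip 19.00"
'''.strip()


def is_under(path: str, key: str) -> bool:
    """Case-insensitive 'path is key or a subkey/value of key' test."""
    p, k = path.lower(), key.lower()
    return p == k or p.startswith(k + "\\")


def classify_events(csv_text: str, min_enum: int = 2) -> Dict[str, List[str]]:
    """Return {"process:pid": [behaviour, ...]} for processes that match.

    A process is tagged for installed-software discovery only once it has
    touched at least min_enum entries under an Uninstall key: one lookup is
    routine, walking the key is enumeration. The UAC tag fires on any read
    of EnableLUA, since ordinary software has little reason to query it.
    """
    per_proc = defaultdict(lambda: {"uninstall": 0, "uac": 0})
    for row in csv.DictReader(io.StringIO(csv_text)):
        rec = per_proc[f'{row["Process Name"]}:{row["PID"]}']
        op, path = row["Operation"], row["Path"]
        if op in ("RegEnumKey", "RegQueryValue") and any(is_under(path, k) for k in UNINSTALL_KEYS):
            rec["uninstall"] += 1
        if op == "RegQueryValue" and path.lower() == UAC_VALUE.lower():
            rec["uac"] += 1

    findings: Dict[str, List[str]] = {}
    for proc, rec in per_proc.items():
        tags = []
        if rec["uninstall"] >= min_enum:
            tags.append(INSTALLED_SOFTWARE)
        if rec["uac"]:
            tags.append(UAC_CHECK)
        if tags:
            findings[proc] = tags
    return findings


if __name__ == "__main__":
    for proc, tags in classify_events(SAMPLE_EVENTS).items():
        print(proc)
        for tag in tags:
            print("   ", tag)
```

With the default threshold only sample.exe is reported, carrying both behaviours; lowering min_enum to 1 also pulls in explorer.exe's single DisplayName read, which shows why a per-process count is needed before calling a registry read "discovery".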

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

    • Query Registry (T1012): 1 signature

    • System Information Discovery (T1082): 1 signature
