General

  • Target

    aa7a1361feb49bdc9ae17efcd3510674.exe

  • Size

    477KB

  • Sample

    211027-t4h9tsffg7

  • MD5

    aa7a1361feb49bdc9ae17efcd3510674

  • SHA1

    0132676344d5f38b24a57517db95bb0034abf916

  • SHA256

    b454160369a30dde38ca7df6193d2d459b29ff01f601aa86cb16dcb30f1e4e9d

  • SHA512

    046173ffa27d29e5cc83d836ce5778c179e539642ae947443b965b0d4c4246c90e287618ea2b338fd7c1be5040ed733ac6f3cbb106b5fdff0d3ed78c7881de3a

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

54.37.202.209:8194

144.76.162.241:10172

94.23.24.82:6225

rc4.plain (two RC4 key entries; the key material itself is not reproduced on this page)
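The config block above is only useful once it is turned into something that runs against telemetry. The following is an added example (not code from the sandbox report or from the Dridex family itself) that parses the three C2 endpoints, matches them against connection-log lines, and emits Suricata rules. The log layout ("ts src dst dport"), the sample log lines and the SID range are assumptions constructed for the example; the IPs, ports, botnet ID and SHA256 are copied from the report.

```python
"""
Turn the Dridex config extracted above into IOCs, match them against
connection logs, and emit Suricata rules. Added example, not code from the
sandbox report; the log format, sample lines and SID range are assumptions.
"""
import hashlib
import ipaddress
import re
from dataclasses import dataclass

# Copied from the "Malware Config" and hash fields of the report above.
DRIDEX_CONFIG = {
    "family": "dridex",
    "botnet": "10111",
    "c2": ["54.37.202.209:8194", "144.76.162.241:10172", "94.23.24.82:6225"],
}
SAMPLE_SHA256 = "b454160369a30dde38ca7df6193d2d459b29ff01f601aa86cb16dcb30f1e4e9d"


@dataclass(frozen=True)
class C2:
    ip: str
    port: int


def parse_c2_list(entries):
    """Parse 'ip:port' strings; rejects anything that is not a literal IP."""
    out = []
    for entry in entries:
        host, _, port = entry.rpartition(":")
        ipaddress.ip_address(host)  # raises ValueError on hostnames or garbage
        out.append(C2(host, int(port)))
    return out


def is_known_sample(data: bytes) -> bool:
    """True if the bytes hash to the SHA256 the report gives for this sample."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_SHA256


# Constructed connection log (assumed layout "ts src dst dport"); not from the report.
# The last line reuses a C2 IP on a different port to show why exact ip:port matching
# is the default: shared hosting IPs also carry benign traffic on other ports.
SAMPLE_LOG = """\
2021-10-27T14:02:11Z 10.0.0.15 54.37.202.209 8194
2021-10-27T14:02:12Z 10.0.0.15 142.250.74.78 443
2021-10-27T14:03:40Z 10.0.0.22 144.76.162.241 10172
2021-10-27T14:05:01Z 10.0.0.15 94.23.24.82 80
"""
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<dport>\d+)$")


def scan_log(text, c2s, exact=True):
    """Return (ts, src, dst, dport) tuples for connections to a configured C2.

    exact=True requires the ip:port pair from the config; exact=False matches
    on IP alone (more hits, more false positives on shared hosting)."""
    pairs = {(c.ip, c.port) for c in c2s}
    ips = {c.ip for c in c2s}
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the scan
        dst, dport = m["dst"], int(m["dport"])
        if (dst, dport) in pairs or (not exact and dst in ips):
            hits.append((m["ts"], m["src"], dst, dport))
    return hits


def suricata_rules(c2s, sid_base=9000001):
    """One Suricata rule per C2 endpoint; sid_base is an assumed local-use SID range."""
    botnet = DRIDEX_CONFIG["botnet"]
    return [
        f'alert tcp $HOME_NET any -> {c.ip} {c.port} '
        f'(msg:"Dridex botnet {botnet} C2 {c.ip}:{c.port}"; '
        f'flow:to_server; classtype:trojan-activity; sid:{sid_base + i}; rev:1;)'
        for i, c in enumerate(c2s)
    ]


if __name__ == "__main__":
    c2s = parse_c2_list(DRIDEX_CONFIG["c2"])
    for hit in scan_log(SAMPLE_LOG, c2s):
        print("C2 hit:", hit)
    print("\n".join(suricata_rules(c2s)))
```

Matching on the exact ip:port pair is the default because the three C2 addresses sit on commodity hosting ranges; an IP-only match (exact=False) is worth running as a lower-confidence hunt, but should not page anyone on its own.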

Targets

    • Target

      aa7a1361feb49bdc9ae17efcd3510674.exe

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing bank credentials.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node counterpart) to enumerate the software installed on the system.

    • Checks whether UAC is enabled

      Commonly done by reading the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System (1 means UAC is on); the specific value this sample read is not recorded on this page.
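The two discovery signatures above describe registry reads, which Sysmon does not log (it records key and value writes, not queries), so in practice they are detected in a sandbox API trace or in Windows object-access auditing. The following is an added example, not code from the report, that flags both behaviours in a registry API trace: a process that sweeps several distinct Uninstall entries, and a process that queries EnableLUA. The tab-separated "pid api key value" trace layout, the constructed trace lines and the three-entry threshold are assumptions.

```python
"""
Flag Uninstall-key enumeration and the UAC (EnableLUA) check in a registry API
trace. Added example, not from the sandbox report; the tab-separated
"pid api key value" trace layout and the min_entries threshold are assumptions.
"""
import re
from collections import defaultdict

# Uninstall subkey under HKLM/HKCU, with or without WOW6432Node; group 1 is the entry name.
UNINSTALL_RE = re.compile(
    r"^HK(?:LM|EY_LOCAL_MACHINE|CU|EY_CURRENT_USER)\\SOFTWARE\\(?:WOW6432Node\\)?"
    r"Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)",
    re.IGNORECASE,
)
# Key that holds EnableLUA, the value reporting whether UAC is on.
UAC_KEY_RE = re.compile(
    r"^HK(?:LM|EY_LOCAL_MACHINE)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System$",
    re.IGNORECASE,
)

HKLM_CV = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion"
UNINST = HKLM_CV + r"\Uninstall"
# Constructed trace (not from the report): pid 1234 walks three Uninstall entries and
# reads EnableLUA; pid 5678 reads a single Uninstall entry, which is normal installer behaviour.
SAMPLE_TRACE = "\n".join("\t".join(ev) for ev in [
    ("1234", "RegOpenKeyExW", UNINST, ""),
    ("1234", "RegEnumKeyExW", UNINST + r"\{90160000-0011-0000-0000-0000000FF1CE}", ""),
    ("1234", "RegQueryValueExW", UNINST + r"\{90160000-0011-0000-0000-0000000FF1CE}", "DisplayName"),
    ("1234", "RegEnumKeyExW", UNINST + r"\7-Zip", ""),
    ("1234", "RegQueryValueExW", UNINST + r"\7-Zip", "DisplayName"),
    ("1234", "RegEnumKeyExW", UNINST + r"\Google Chrome", ""),
    ("1234", "RegQueryValueExW", HKLM_CV + r"\Policies\System", "EnableLUA"),
    ("5678", "RegQueryValueExW", UNINST + r"\7-Zip", "DisplayName"),
    ("5678", "RegQueryValueExW", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer", "ShellState"),
])


def analyze_trace(text, min_entries=3):
    """Per-pid summary: distinct Uninstall entries touched, UAC check seen, fired signatures.

    min_entries is an assumed threshold: an installer looks at its own entry,
    a sweep across many entries is inventory-taking."""
    state = defaultdict(lambda: {"entries": set(), "uac": False})
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 4:
            continue  # tolerate truncated trace lines
        pid, api, key, value = parts
        m = UNINSTALL_RE.match(key)
        if m:
            state[pid]["entries"].add(m.group(1).lower())
        if (UAC_KEY_RE.match(key) and value.lower() == "enablelua"
                and api.lower().startswith("regqueryvalue")):
            state[pid]["uac"] = True
    findings = {}
    for pid, s in state.items():
        sigs = []
        if len(s["entries"]) >= min_entries:
            sigs.append("Checks installed software on the system")
        if s["uac"]:
            sigs.append("Checks whether UAC is enabled")
        findings[pid] = {"installed_software_entries": len(s["entries"]), "signatures": sigs}
    return findings


if __name__ == "__main__":
    for pid, finding in analyze_trace(SAMPLE_TRACE).items():
        print(pid, finding)
```

Counting distinct Uninstall entries rather than raw API calls is what keeps installers and update agents, which read their own entry repeatedly, below the threshold; the EnableLUA read is rare enough in ordinary software that a single query is reported on its own.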

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 1 matching signature

  • System Information Discovery (T1082): 1 matching signature
