General

  • Target

    file6.bin

  • Size

    164KB

  • Sample

    220519-nnj9ashfem

  • MD5

    ea09239b2e17576e1907df8e7f4ef6a2

  • SHA1

    931bfe2fa810a16caf53035f351f08464f3947a2

  • SHA256

    8e2d3f6bc5f7b639638d2f5ec751bc2985f1636005131623c5d2c448885c5d89

  • SHA512

    445029a09c4e4e270ced7ee193ad4e2cadd5be85163530c7d4fa8d36dcf1c921cc199c55952cfebd9fb3226ccd362ce5059f30309b39a676d2ea494c6f3e9c15

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

202.29.60.34:443

66.175.217.172:13786

78.46.78.42:9043

rc4.plain

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects both the x86 and x64 Dridex loader in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    System Information Discovery (T1082): 2

    Query Registry (T1012): 1