General

  • Target

    d9it9p.rar

  • Size

    497KB

  • Sample

    220611-tyez8acag7

  • MD5

    4c40878a680989564d69aaaad6675b3d

  • SHA1

    61ad964d616ed4a29fc0d3172840eced09ecc0ae

  • SHA256

    3f7c187c9539e39d8556dfa534e260aa0255d682aee06e3afdcfe4c047bf6e77

  • SHA512

    d997c6078564b628a8a45e3a2eb91b4dc177c892e9d3eff9026c7630bacad8344c4f63d5386e57d38381dc1002c53338001dbb4d6cd58b139b64ff2590165f17

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

178.128.83.165:443

128.199.59.13:8172

110.164.184.226:6516

rc4.plain
rc4.plain

Targets

    • Target

      d9it9p.rar

    • Size

      497KB

    • MD5

      4c40878a680989564d69aaaad6675b3d

    • SHA1

      61ad964d616ed4a29fc0d3172840eced09ecc0ae

    • SHA256

      3f7c187c9539e39d8556dfa534e260aa0255d682aee06e3afdcfe4c047bf6e77

    • SHA512

      d997c6078564b628a8a45e3a2eb91b4dc177c892e9d3eff9026c7630bacad8344c4f63d5386e57d38381dc1002c53338001dbb4d6cd58b139b64ff2590165f17

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks