General

  • Target

    dyh3tb9j.zipxvtnonwk

  • Size

    497KB

  • Sample

    220611-tzze9afhej

  • MD5

    ea17e483833d1d1b26babad280b6f7cd

  • SHA1

    ffd61dddb0607a6a12e9f58b50185be7998f7e39

  • SHA256

    db8945a793ea1bd94eb1aa3e3e14e84da66b3048f4a86e814e6d0f8dd5c8c276

  • SHA512

    7d2add1d53aa7d84ef2e223d5ef8b27ff8f7d5847a27407fed5d0d9cffd3a64bc6ebc41b8b6000d92f077ab7908f940963bdbafe6bb817131dc9ce78d3b2f95e

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

178.128.83.165:443

128.199.59.13:8172

110.164.184.226:6516

rc4.plain
rc4.plain

Targets

    • Target

      dyh3tb9j.zipxvtnonwk

    • Size

      497KB

    • MD5

      ea17e483833d1d1b26babad280b6f7cd

    • SHA1

      ffd61dddb0607a6a12e9f58b50185be7998f7e39

    • SHA256

      db8945a793ea1bd94eb1aa3e3e14e84da66b3048f4a86e814e6d0f8dd5c8c276

    • SHA512

      7d2add1d53aa7d84ef2e223d5ef8b27ff8f7d5847a27407fed5d0d9cffd3a64bc6ebc41b8b6000d92f077ab7908f940963bdbafe6bb817131dc9ce78d3b2f95e

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks