General

  • Target

    xkmjs35.tarnaycfuvw

  • Size

    1.0MB

  • Sample

    220611-vqrjqahagr

  • MD5

    e25df6542aee785f8c1d836895c31f12

  • SHA1

    8ede993ca03d023514bdb83488a8a495ccc3524b

  • SHA256

    2a6ab44c7c050efc9a9e8123e6865d6f7fefd6c9eb8f74c0815561faeaa51c6b

  • SHA512

    0380c78eb09e421cc2d72c4b962d8376f1272a8d326340693c820dd814cea978c4bd4e8c50e4dea6d556c5f19af3279c38554dbd9813f96f391ac51a95d25b42

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

192.46.210.220:443

143.244.140.214:808

45.77.0.96:6891

185.56.219.47:8116

rc4.plain

Targets

    • Target

      xkmjs35.tarnaycfuvw

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing bank credentials.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks