General

  • Target

    hbjbf7q.jpg

  • Size

    1.0MB

  • Sample

    220626-gaj8taagh4

  • MD5

    69ab5b2ac08ffbd57885683ace162f84

  • SHA1

    b96549d53a6ba8eb89509ff4f870d7f18717b80a

  • SHA256

    8cd2f472d14988a503023626ca9a90b82b9d0889d95f3db6473e9a9e7e0fd85a

  • SHA512

    e102354ca12595d5bdf6d7c76d6e9e863ada6de1801215d54e4cae6f475408a4a35193f84bf254e3349df4d113b172f3cd930fdc305eef2b0e02d801129dd80e

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

192.46.210.220:443

143.244.140.214:808

45.77.0.96:6891

185.56.219.47:8116

rc4.plain
rc4.plain

Targets

    • Target

      hbjbf7q.jpg

    • Size

      1.0MB

    • MD5

      69ab5b2ac08ffbd57885683ace162f84

    • SHA1

      b96549d53a6ba8eb89509ff4f870d7f18717b80a

    • SHA256

      8cd2f472d14988a503023626ca9a90b82b9d0889d95f3db6473e9a9e7e0fd85a

    • SHA512

      e102354ca12595d5bdf6d7c76d6e9e863ada6de1801215d54e4cae6f475408a4a35193f84bf254e3349df4d113b172f3cd930fdc305eef2b0e02d801129dd80e

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks