General

  • Target

    c2f17df0900e8280c6fc04574d47a0faf2bee573e5403b174325a7e01bbb2505

  • Size

    1.6MB

  • Sample

    220708-kbrk3abcd8

  • MD5

    1a59bce812efd0fc314d0d08bea88833

  • SHA1

    7a08d0efb335275962379e0296e095aed2f933ee

  • SHA256

    c2f17df0900e8280c6fc04574d47a0faf2bee573e5403b174325a7e01bbb2505

  • SHA512

    9ed2dbb084865a3104f34d792044ac088df002494071a6e92c25fa63ef27f679ff80568cc8867ba3ec4529ee8685f0d5d675578438d840fc5e23c8ff37d7b2e0

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

81.169.224.222:3389

62.75.168.106:3886

82.165.152.127:3389

rc4.plain
rc4.plain

Targets

    • Target

      c2f17df0900e8280c6fc04574d47a0faf2bee573e5403b174325a7e01bbb2505

    • Size

      1.6MB

    • MD5

      1a59bce812efd0fc314d0d08bea88833

    • SHA1

      7a08d0efb335275962379e0296e095aed2f933ee

    • SHA256

      c2f17df0900e8280c6fc04574d47a0faf2bee573e5403b174325a7e01bbb2505

    • SHA512

      9ed2dbb084865a3104f34d792044ac088df002494071a6e92c25fa63ef27f679ff80568cc8867ba3ec4529ee8685f0d5d675578438d840fc5e23c8ff37d7b2e0

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Tasks