General

  • Target

    9d6d2e3d5cd27fcec3a875c7cf8b7062

  • Size

    620KB

  • Sample

    231219-ztkmssahgm

  • MD5

    9d6d2e3d5cd27fcec3a875c7cf8b7062

  • SHA1

    d7421db843961ca54c296b79cc2e78aa14ea79aa

  • SHA256

    11a796292aced5a713251ae6da4329fc6bea7b6e843a8ae493c7db4a2a862181

  • SHA512

    a79ef4024f74b0ba9591648427135e2b5a46ed0aa9caed39f756971599370fa7113775c9603d526c73c0c6fecc33dd7fa589c7bb52a51b44ca2bd2698efa539b

  • SSDEEP

    12288:SE6rSip4Ybs3j09TMmonCh5atbz9+eoQoUZpDd7Da1nX9y1DO/zFZx:YeL93j0dMZnCutz4zI5xDwXUNm

Malware Config

Extracted

Family

dridex

Botnet

10222

C2

174.128.245.202:443

51.83.3.52:13786

69.64.50.41:6602

rc4.plain

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v13

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 1

Tasks