General

  • Target

    bea4379c47f02f88e77a690879a0d323

  • Size

    620KB

  • Sample

    231220-q8qb6afee5

  • MD5

    bea4379c47f02f88e77a690879a0d323

  • SHA1

    d82c912a86a5ebedede1015cf0b814b2711e75a7

  • SHA256

    b585a54184f3c933f4e0e38cadec4ada8950278bbdf69970b6f1539865772e36

  • SHA512

    ca5841bab2f75ea13b1f8513cf9740cd7a2e60f401bd6425155711a2df0c697db4051298d9a51493011a65f3f6e4ca00ab82f51e3679424b0fbb0662a465af93

  • SSDEEP

    12288:4E6rSiY4Gbs3j09TMmonCh5atbz9+eoQoUZpDd7Da1nX9y1RO/zFZx:ee6z3j0dMZnCutz4zI5xDwXU3m

Malware Config

Extracted

Family

dridex

Botnet

10222

C2

174.128.245.202:443

51.83.3.52:13786

69.64.50.41:6602

rc4.plain
rc4.plain

Targets

    • Target

      bea4379c47f02f88e77a690879a0d323

    • Size

      620KB

    • MD5

      bea4379c47f02f88e77a690879a0d323

    • SHA1

      d82c912a86a5ebedede1015cf0b814b2711e75a7

    • SHA256

      b585a54184f3c933f4e0e38cadec4ada8950278bbdf69970b6f1539865772e36

    • SHA512

      ca5841bab2f75ea13b1f8513cf9740cd7a2e60f401bd6425155711a2df0c697db4051298d9a51493011a65f3f6e4ca00ab82f51e3679424b0fbb0662a465af93

    • SSDEEP

      12288:4E6rSiY4Gbs3j09TMmonCh5atbz9+eoQoUZpDd7Da1nX9y1RO/zFZx:ee6z3j0dMZnCutz4zI5xDwXU3m

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v13

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Tasks