General

  • Target

    de4088f932934d5fc134cf410136d81f

  • Size

    620KB

  • Sample

    231220-tawm3acefp

  • MD5

    de4088f932934d5fc134cf410136d81f

  • SHA1

    b03d3d4f2ac2752b58fb2b586dda240a647fb319

  • SHA256

    0d002228f1c316bbeb0df23eb1af59353764670a4573520b6756fe1b100e2447

  • SHA512

    6f2ca492c66f028e561e178c16ffaa7433b73284783ee40b107cb55586e65c7410d5c5336f718dc8b5d70e19c2c3f4788912eca32e006c6570ba476542d4e093

  • SSDEEP

    12288:UE6rSiA4qbs3j09TMmonCh5atbz9+eoQoUZpDd7Da1nX9y1BO/zFZx:aeKn3j0dMZnCutz4zI5xDwXUbm

Malware Config

Extracted

Family

dridex

Botnet

10222

C2

174.128.245.202:443

51.83.3.52:13786

69.64.50.41:6602

rc4.plain
rc4.plain

Targets

    • Target

      de4088f932934d5fc134cf410136d81f

    • Size

      620KB

    • MD5

      de4088f932934d5fc134cf410136d81f

    • SHA1

      b03d3d4f2ac2752b58fb2b586dda240a647fb319

    • SHA256

      0d002228f1c316bbeb0df23eb1af59353764670a4573520b6756fe1b100e2447

    • SHA512

      6f2ca492c66f028e561e178c16ffaa7433b73284783ee40b107cb55586e65c7410d5c5336f718dc8b5d70e19c2c3f4788912eca32e006c6570ba476542d4e093

    • SSDEEP

      12288:UE6rSiA4qbs3j09TMmonCh5atbz9+eoQoUZpDd7Da1nX9y1BO/zFZx:aeKn3j0dMZnCutz4zI5xDwXUbm

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v13

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Tasks