General

  • Target

    f7edb215bb573e0cfde4f21f55ab4b06

  • Size

    620KB

  • Sample

    231220-v3f9hsfhbk

  • MD5

    f7edb215bb573e0cfde4f21f55ab4b06

  • SHA1

    baab948e7e7e53e5dcd96b4ed6808bb9e47bb0dd

  • SHA256

    ea6ab3d6415e07cda3ce76402abca648a43b15228b47eae21e54a468df630263

  • SHA512

    213b0eaa5c7e287dd2ab8bad0105dcbd7b431176149bf128c7426e001ea6ae30dec77481001600d4286ab4fe1b345850e75d4429940a87a3530e62ff1e09075b

  • SSDEEP

    12288:aE6rSie4Dbs3j09TMmonCh5atbz9+eoQoUZpDd7Da1nX9y1iO/zFZx:AeEk3j0dMZnCutz4zI5xDwXUMm

Malware Config

Extracted

Family

dridex

Botnet

10222

C2

174.128.245.202:443

51.83.3.52:13786

69.64.50.41:6602

rc4.plain
rc4.plain

Targets

    • Target

      f7edb215bb573e0cfde4f21f55ab4b06

    • Size

      620KB

    • MD5

      f7edb215bb573e0cfde4f21f55ab4b06

    • SHA1

      baab948e7e7e53e5dcd96b4ed6808bb9e47bb0dd

    • SHA256

      ea6ab3d6415e07cda3ce76402abca648a43b15228b47eae21e54a468df630263

    • SHA512

      213b0eaa5c7e287dd2ab8bad0105dcbd7b431176149bf128c7426e001ea6ae30dec77481001600d4286ab4fe1b345850e75d4429940a87a3530e62ff1e09075b

    • SSDEEP

      12288:aE6rSie4Dbs3j09TMmonCh5atbz9+eoQoUZpDd7Da1nX9y1iO/zFZx:AeEk3j0dMZnCutz4zI5xDwXUMm

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v13

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Tasks