General

  • Target

    f8c5f5c795b1cfa9f61426fae6173509

  • Size

    620KB

  • Sample

    231220-v5j37abad3

  • MD5

    f8c5f5c795b1cfa9f61426fae6173509

  • SHA1

    06c55df23c9906a3287bf315879c70f946550710

  • SHA256

    1ad8659aed6685988f32b35668d5ba772f130bf51e8c553bc3a24d8af18a44ad

  • SHA512

    d72ad1c858614bdad00cdae311fec0dc9cb8955d91364cb7fd886ba14656991353eee54cfa46304ba4ed8c0dfcfb445ce1766f88c472adf2531588b5e4b06268

  • SSDEEP

    12288:OE6rSia41bs3j09TMmonCh5atbz9+eoQoUZpDd7Da1nX9y1oO/zFZx:kesG3j0dMZnCutz4zI5xDwXUim

Malware Config

Extracted

Family

dridex

Botnet

10222

C2

174.128.245.202:443

51.83.3.52:13786

69.64.50.41:6602

rc4.plain
rc4.plain

Targets

    • Target

      f8c5f5c795b1cfa9f61426fae6173509

    • Size

      620KB

    • MD5

      f8c5f5c795b1cfa9f61426fae6173509

    • SHA1

      06c55df23c9906a3287bf315879c70f946550710

    • SHA256

      1ad8659aed6685988f32b35668d5ba772f130bf51e8c553bc3a24d8af18a44ad

    • SHA512

      d72ad1c858614bdad00cdae311fec0dc9cb8955d91364cb7fd886ba14656991353eee54cfa46304ba4ed8c0dfcfb445ce1766f88c472adf2531588b5e4b06268

    • SSDEEP

      12288:OE6rSia41bs3j09TMmonCh5atbz9+eoQoUZpDd7Da1nX9y1oO/zFZx:kesG3j0dMZnCutz4zI5xDwXUim

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v13

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Tasks