General

  • Target: 61991835eb95b1e55149870fe5ccc34e
  • Size: 1.1MB
  • Sample: 240117-drt8kaffdr
  • MD5: 61991835eb95b1e55149870fe5ccc34e
  • SHA1: a38c4824aa605269de61e4817c6b66e631e4f258
  • SHA256: b62fb2f1684610666395f4bb27c1f4212f80299895332e5746f0c97c70180169
  • SHA512: 5e840d8eae419e40bff4579d48709c7d278f3bbcd6411ac1a0595e22641f0fd19200a5225c5c394f2bd9a602357f048969aebc9a3ac75897aeef7a3dfd02796e
  • SSDEEP: 12288:kM+ZdkmHubeaCo6Lga1w2A/sUQBJ8Qvp:kMcpTo6sg+0BOE

Malware Config

Extracted

  • Family: dridex
  • Botnet: 10111
  • C2:
    177.52.173.20:9043
    192.100.170.1:10172
    166.62.103.55:7443
  • rc4.plain

Targets

    • Dridex

      Dridex (known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks