General

  • Target

    64b0096c90fe5a7aff20803b1486b57a

  • Size

    1.1MB

  • Sample

    240118-g3gndsebdk

  • MD5

    64b0096c90fe5a7aff20803b1486b57a

  • SHA1

    bf27b8718e038b06d493430445b2195b408b231a

  • SHA256

    76023d03ded80ae6bde2f2cc41c9a70a38181c9dbeb92d2ff1739e864ecb256b

  • SHA512

    3f894adca8edd566bb5028ebee1a162bb61b037557dde13e135c58804cafe6f608d8e696967b885652d2995a627a14f3e0629ca948b689e0358d548b47683c2f

  • SSDEEP

    12288:zM+ZdkmHubeaCo6Lga1w2A/sUQBJ8Evp:zMcpTo6sg+0BOQ

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

177.52.173.20:9043

192.100.170.1:10172

166.62.103.55:7443

rc4.plain
rc4.plain

Targets

    • Target

      64b0096c90fe5a7aff20803b1486b57a

    • Size

      1.1MB

    • MD5

      64b0096c90fe5a7aff20803b1486b57a

    • SHA1

      bf27b8718e038b06d493430445b2195b408b231a

    • SHA256

      76023d03ded80ae6bde2f2cc41c9a70a38181c9dbeb92d2ff1739e864ecb256b

    • SHA512

      3f894adca8edd566bb5028ebee1a162bb61b037557dde13e135c58804cafe6f608d8e696967b885652d2995a627a14f3e0629ca948b689e0358d548b47683c2f

    • SSDEEP

      12288:zM+ZdkmHubeaCo6Lga1w2A/sUQBJ8Evp:zMcpTo6sg+0BOQ

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks