General

  • Target

    e3c8a1d61130f0d0df1595afd31e38d7d25bff67b2e680a1aff6bfeb4df566e9.exe

  • Size

    608KB

  • Sample

    241121-kmyhrazrbv

  • MD5

    75094d30931bff3c2d53ae9254bf2378

  • SHA1

    565f16dee80979d1adfc6f1d1caf1bfe2f4e1596

  • SHA256

    e3c8a1d61130f0d0df1595afd31e38d7d25bff67b2e680a1aff6bfeb4df566e9

  • SHA512

    66dd10926f93a700d8fc015b00932e0ef257d18c928281bd5a0fc376d25e784a035126b793cca0dad5c8206dfcca14c1fd670fa1cc81b1fcd81887d21dbb6a83

  • SSDEEP

    12288:XZGQdqOG6TJqydLqQSeCqsVK8kPRGO35N9mVnzXc64:XZ08WjeCVVK8kP9N9ozm

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

174.128.245.202:443

51.83.3.52:13786

69.64.50.41:6602

rc4.plain
rc4.plain

Targets

    • Target

      e3c8a1d61130f0d0df1595afd31e38d7d25bff67b2e680a1aff6bfeb4df566e9.exe

    • Size

      608KB

    • MD5

      75094d30931bff3c2d53ae9254bf2378

    • SHA1

      565f16dee80979d1adfc6f1d1caf1bfe2f4e1596

    • SHA256

      e3c8a1d61130f0d0df1595afd31e38d7d25bff67b2e680a1aff6bfeb4df566e9

    • SHA512

      66dd10926f93a700d8fc015b00932e0ef257d18c928281bd5a0fc376d25e784a035126b793cca0dad5c8206dfcca14c1fd670fa1cc81b1fcd81887d21dbb6a83

    • SSDEEP

      12288:XZGQdqOG6TJqydLqQSeCqsVK8kPRGO35N9mVnzXc64:XZ08WjeCVVK8kP9N9ozm

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex family

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks