General

  • Target

    11e755c9d1a5ea74dfc765a2f44eb7c3bbc2d735fcf2489882ede6aeb0816493.bin

  • Size

    235KB

  • Sample

    201120-de7r1vhpqe

  • MD5

    180230a6ffbbf57a370da06c41b26cf1

  • SHA1

    2f25b00b16544615b766e5efd10555797177f29a

  • SHA256

    11e755c9d1a5ea74dfc765a2f44eb7c3bbc2d735fcf2489882ede6aeb0816493

  • SHA512

    ac20e09c66c9ee9b72543b17c35891c99a0ec210cf90fda93d451846f46747c309d96188b55588333f3e3a395292b1a9d0bd93f91b7b47fba7a61a49e0050427

Malware Config

Extracted

Family

dridex

Version

10555

C2

162.241.44.26:9443

192.232.229.53:4443

77.220.64.34:443

193.90.12.121:3098

rc4.plain
rc4.plain

Extracted

Family

dridex

Botnet

10555

C2

162.241.44.26:9443

192.232.229.53:4443

77.220.64.34:443

193.90.12.121:3098

rc4.plain
rc4.plain

Targets

    • Dridex

      Dridex (known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex x86 and x64 loader in memory.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 1

Tasks