Resubmissions

23-11-2020 08:20

201123-8781tq461a 10

General

  • Target

    ojh69yt.zip

  • Size

    539KB

  • Sample

    201123-8781tq461a

  • MD5

    3dd08a111c25ec4fd73599b389f628b0

  • SHA1

    3e5b5c0f3437af1c5c559d94da64d6e0d36dc56f

  • SHA256

    aa1b00f53b9ee1ee1edeaeab7b7d272d1c8e84cd3140b32e9a15a89f90a7166a

  • SHA512

    a4e01216ff2a304141c690cecebecdd2f20032ccda8f78e26aef392194a7fd1790754c9f1f38e61738d48b6f1c0468c5372cfa44161d4b959608e7c95a58d862

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

162.241.44.26:9443

192.232.229.53:4443

77.220.64.34:443

193.90.12.121:3098

rc4.plain

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects both the x86 and x64 Dridex loader in memory.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 1

Tasks