Resubmissions

04-01-2021 16:33

210104-dt76fatrme 10

04-01-2021 15:29

210104-h36y88a27j 10

General

  • Target

    e5gwe.dll

  • Size

    164KB

  • Sample

    210104-dt76fatrme

  • MD5

    97235c5153c1e1a988df36a8db83ef87

  • SHA1

    5768261af0eb9c293d29b5a9106762b1b4859aad

  • SHA256

    2e8384b979521ab1a3ac17745f81d9a18fa084294d242d4a6918db4413e313c6

  • SHA512

    ad6f66e63ca693b0d3644eafb68b9969d7b4f70d885781b98ae2391bab5425770d5172f95e818a8c771f201b7548035c7d77d81c96abf28a0ae388a5dc706dde

Score
10/10

Malware Config

Extracted

Family

dridex

Botnet

111

C2

172.86.186.22:3889

46.105.131.78:14431

103.244.206.74:33443

139.162.53.147:4443

rc4.plain
rc4.plain

Targets

    • Target

      e5gwe.dll

    • Size

      164KB

    • MD5

      97235c5153c1e1a988df36a8db83ef87

    • SHA1

      5768261af0eb9c293d29b5a9106762b1b4859aad

    • SHA256

      2e8384b979521ab1a3ac17745f81d9a18fa084294d242d4a6918db4413e313c6

    • SHA512

      ad6f66e63ca693b0d3644eafb68b9969d7b4f70d885781b98ae2391bab5425770d5172f95e818a8c771f201b7548035c7d77d81c96abf28a0ae388a5dc706dde

    Score
    10/10
    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

MITRE ATT&CK Matrix

Tasks