General

  • Target

    kzwc4s.zip

  • Size

    848KB

  • Sample

    210121-vreg7tws56

  • MD5

    f82d6953d7261f02eecd7cf2342f4514

  • SHA1

    a18b47ee1c5dd5a80043f3b13b454ab987212cb3

  • SHA256

    0a905cb733a72dc8a3a2d4b744653d5697cfe86a0fb481ea9db8b8f60dc3a1f7

  • SHA512

    568b380a9e9883c7d37467b223ec725f76e6ab8c9dc480ce68e074627fe445e9925de750a7ea78e7b1226f66caa3e69abf7bf916badf32a1f01518ed8eb4585b

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

194.225.58.214:443

211.110.44.63:5353

69.164.207.140:3388

198.57.200.100:3786

rc4.plain

Targets

    • Target

      kzwc4s.zip

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects both the x86 and x64 Dridex loader in memory.
