General

  • Target

    f12e17df3e92d1323a34d3df27232f06f2172ca93ddce48aa3fdfed1eff80761

  • Size

    192KB

  • Sample

    210403-ec8dqaymmn

  • MD5

    8e79e397889ae99a48c454f3720f96d5

  • SHA1

    97dc2f507639abfc9a4d424357fa65c04a72c810

  • SHA256

    f12e17df3e92d1323a34d3df27232f06f2172ca93ddce48aa3fdfed1eff80761

  • SHA512

    4a5dc41c97725a9c10b1330fd0e7efe9f51e73b08fec38be9ac683f9b92baea9910c498c3a070e4e9aa357b2cbb496c6dbfcc3dbc54016e1cdfa7ecba25d0b28

Malware Config

Extracted

Family

dridex

Botnet

111

C2

77.220.64.135:443

107.180.90.10:6601

31.24.158.56:7275

rc4.plain
rc4.plain

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects both the x86 and x64 Dridex loader in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery

1
T1082

Tasks