General

  • Target

    5e64ee268440aa0dffece2a3126ca0fd5447467d415ef9c2a3a0e5567aaad55c

  • Size

    154KB

  • Sample

    210421-7senm5wzye

  • MD5

    0d4756da8c73fe9a7b78cebc70868044

  • SHA1

    65867ffa1605e692d7da023989ed0f71fcf5373e

  • SHA256

    5e64ee268440aa0dffece2a3126ca0fd5447467d415ef9c2a3a0e5567aaad55c

  • SHA512

    c375b0c48871c1562b2c5edb2102777d0e3c54eda5dc11947637faf57aad4cd53a195d5aeb8cb83cee9093a3b90599932202d179a3e9047026926f3acbd75ff6

Malware Config

Extracted

Family

dridex

Botnet

40111

C2

159.8.59.82:443

51.91.156.39:2303

67.196.50.240:8172

rc4.plain

Targets

    • Target

      5e64ee268440aa0dffece2a3126ca0fd5447467d415ef9c2a3a0e5567aaad55c

    • Size

      154KB

    • MD5

      0d4756da8c73fe9a7b78cebc70868044

    • SHA1

      65867ffa1605e692d7da023989ed0f71fcf5373e

    • SHA256

      5e64ee268440aa0dffece2a3126ca0fd5447467d415ef9c2a3a0e5567aaad55c

    • SHA512

      c375b0c48871c1562b2c5edb2102777d0e3c54eda5dc11947637faf57aad4cd53a195d5aeb8cb83cee9093a3b90599932202d179a3e9047026926f3acbd75ff6

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects both the x86 and x64 Dridex loaders in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery

1
T1082

Tasks