General

  • Target

    dff6c689399a6d75f6dcd1a7f08d3e2a6faee4518ab9ae20dea34b5bb843f64a

  • Size

    154KB

  • Sample

    210421-7vp92pf8ne

  • MD5

    73e0ad58c3468f87e0260d5426c36e80

  • SHA1

    664c27b76515347651d501ee680244856bd8f589

  • SHA256

    dff6c689399a6d75f6dcd1a7f08d3e2a6faee4518ab9ae20dea34b5bb843f64a

  • SHA512

    8a0e9f448ccce8094965c5bdb539795997d44010212c20b591b66fdfab09c7e6d52364e4350f1fa8e47a63c487c5dfde47825ac8125352cd1a21981b952c71dc

Malware Config

Extracted

Family

dridex

Botnet

40111

C2

159.8.59.82:443

51.91.156.39:2303

67.196.50.240:8172

rc4.plain

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex loader (both x86 and x64 builds) in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

System Information Discovery (T1082): 1
