2036560edc35a00cf853244418182a6ec89d2f35487a5acff2781abc9f750375

General
Target

2036560edc35a00cf853244418182a6ec89d2f35487a5acff2781abc9f750375

Size

162KB

Sample

210421-blctq6h6g6

Score

10/10
MD5

af5a6195e8bd27e6750d319b100d4c77

SHA1

76aba925d8c7b593b579ae53df1d4809d1a2c1b3

SHA256

2036560edc35a00cf853244418182a6ec89d2f35487a5acff2781abc9f750375

SHA512

670ededbd5363808fddf0dbf42442ccddcd46835d6161b971ab260020c88f39d5633e4b0f67883bc11d9d385c2368e6001b0bf6e84aa40cc9b62f6eae858410c

Malware Config

Extracted

Family dridex
Botnet 40112
C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain
rc4.plain

Signatures

  • Dridex

    Description

    Dridex (known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

  • Dridex Loader

    Description

    Detects both the x86 and x64 Dridex loader in memory.

  • Checks whether UAC is enabled

    TTPs

    System Information Discovery

Tasks

static1