b4097f699e2906dd5548bd1262b38a073afe9e887b916070ea302b009b331b35

General
Target

b4097f699e2906dd5548bd1262b38a073afe9e887b916070ea302b009b331b35

Size

162KB

Sample

210421-fnnn1snsva

Score
10 /10
MD5

559907fb12236bdd365daeffafd24ea4

SHA1

5f12e9493f098ca5e4f9a1c80db1ecec0d2e015a

SHA256

b4097f699e2906dd5548bd1262b38a073afe9e887b916070ea302b009b331b35

SHA512

7af35273ad4dc28927c7fff6f510f96514cf103d9965a11063505a0f213c2e0f6af24ffeecfda83da2d882aa7179bf1a1ef3088416e280ac996584f64bdcd013

Malware Config

Extracted

Family dridex
Botnet 40112
C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain
rc4.plain
Targets
Target

b4097f699e2906dd5548bd1262b38a073afe9e887b916070ea302b009b331b35

MD5

559907fb12236bdd365daeffafd24ea4

Filesize

162KB

Score
10 /10
SHA1

5f12e9493f098ca5e4f9a1c80db1ecec0d2e015a

SHA256

b4097f699e2906dd5548bd1262b38a073afe9e887b916070ea302b009b331b35

SHA512

7af35273ad4dc28927c7fff6f510f96514cf103d9965a11063505a0f213c2e0f6af24ffeecfda83da2d882aa7179bf1a1ef3088416e280ac996584f64bdcd013

Tags

Signatures

  • Dridex

    Description

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    Tags

  • Dridex Loader

    Description

    Detects Dridex both x86 and x64 loader in memory.

    Tags

  • Checks whether UAC is enabled

    Tags

    TTPs

    System Information Discovery

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation
                        Tasks

                        static1