General

  • Target

    88f0bcde68a5aed74c7abc99a381cbfd75196b40dbca1ab3ec4a15a590c716cd

  • Size

    154KB

  • Sample

    210421-gnc1avsrke

  • MD5

    75fd5df5c1b5101d4ea2b72bd82e23fe

  • SHA1

    2f93f9025301faff937a99d515a49e5c06227726

  • SHA256

    88f0bcde68a5aed74c7abc99a381cbfd75196b40dbca1ab3ec4a15a590c716cd

  • SHA512

    6b010cac6aec9ae9393ab5e1e70b67f6685c82a17c32bd4eda4da5e6690a6ffe21d04c4e9b31015b58e89a058367d1d5b2b91bbe94dbbfee69baff941ba3301a

Malware Config

Extracted

Family

dridex

Botnet

40111

C2

159.8.59.82:443

51.91.156.39:2303

67.196.50.240:8172

rc4.plain
rc4.plain

Targets

    • Target

      88f0bcde68a5aed74c7abc99a381cbfd75196b40dbca1ab3ec4a15a590c716cd

    • Size

      154KB

    • MD5

      75fd5df5c1b5101d4ea2b72bd82e23fe

    • SHA1

      2f93f9025301faff937a99d515a49e5c06227726

    • SHA256

      88f0bcde68a5aed74c7abc99a381cbfd75196b40dbca1ab3ec4a15a590c716cd

    • SHA512

      6b010cac6aec9ae9393ab5e1e70b67f6685c82a17c32bd4eda4da5e6690a6ffe21d04c4e9b31015b58e89a058367d1d5b2b91bbe94dbbfee69baff941ba3301a

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery

1
T1082

Tasks