697b93e0c9a2994485169b8e5f91eb69d624096dab6361460aab7846fd52c216

General
Target

697b93e0c9a2994485169b8e5f91eb69d624096dab6361460aab7846fd52c216

Size

161KB

Sample

210421-nld8gk9vk6

Score
10 /10
MD5

a39dc08d79b0a8e38b1131c6bda81fa1

SHA1

639d93cc1d78a1bb5e816e487e6e1955526e9bf3

SHA256

697b93e0c9a2994485169b8e5f91eb69d624096dab6361460aab7846fd52c216

SHA512

ad02f3b247066742edb43d5622a62bc06f754ffb3c12e0b3b6fc1cd15022e20d91f9719ad5a6166753260a157f2e3cdacb867dab48d0d78baedf9a69138052ef

Malware Config

Extracted

Family dridex
Botnet 40111
C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain
rc4.plain
Targets
Target

697b93e0c9a2994485169b8e5f91eb69d624096dab6361460aab7846fd52c216

MD5

a39dc08d79b0a8e38b1131c6bda81fa1

Filesize

161KB

Score
10 /10
SHA1

639d93cc1d78a1bb5e816e487e6e1955526e9bf3

SHA256

697b93e0c9a2994485169b8e5f91eb69d624096dab6361460aab7846fd52c216

SHA512

ad02f3b247066742edb43d5622a62bc06f754ffb3c12e0b3b6fc1cd15022e20d91f9719ad5a6166753260a157f2e3cdacb867dab48d0d78baedf9a69138052ef

Tags

Signatures

  • Dridex

    Description

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    Tags

  • Dridex Loader

    Description

    Detects Dridex both x86 and x64 loader in memory.

    Tags

  • Checks whether UAC is enabled

    Tags

    TTPs

    System Information Discovery

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation
                        Tasks

                        static1