d55ecfe1dc687fc0e7a01e459685c3d25e4d9a280ece82da7dc6e7838fe1121a

General

Target: d55ecfe1dc687fc0e7a01e459685c3d25e4d9a280ece82da7dc6e7838fe1121a
Size: 162KB
Sample: 210421-whh85khzes
Score: 10/10
MD5: e167a98b81366d62a7267b5ff6f37c7e
SHA1: e2daaee7694e3c997b49427de30a28ce11f085af
SHA256: d55ecfe1dc687fc0e7a01e459685c3d25e4d9a280ece82da7dc6e7838fe1121a
SHA512: 308c94d846147ff167fe0d03489ddea2ec8848d607def324584cb1c661be07164359294d84390db3c1af8f2e122e732bfae9b23360923f9ddc429e55a8aaa966

Malware Config

Extracted

Family: dridex
Botnet: 40112
C2:
  107.172.227.10:443
  172.93.133.123:2303
  108.168.61.147:8172
rc4.plain
Signatures

  • Dridex

    Description: Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

  • Dridex Loader

    Description: Detects the Dridex loader, both x86 and x64, in memory.

  • Checks whether UAC is enabled

    TTPs: System Information Discovery
Related Tasks

MITRE ATT&CK Matrix: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation (tactic columns as listed in the report; no techniques populated)

Tasks

static1