39174b5cc7e1f6a79b6bf727ace6b98991c66918e93fb65adb03d24e1cfc4e2c

General
Target

39174b5cc7e1f6a79b6bf727ace6b98991c66918e93fb65adb03d24e1cfc4e2c

Size

158KB

Sample

210421-x6wnhlt8k6

Score

10/10

MD5

92c9683a1c7fcf686c03c2ae359eb85c

SHA1

99064e59a4802376b40fe64e9bbca7bea37d4eca

SHA256

39174b5cc7e1f6a79b6bf727ace6b98991c66918e93fb65adb03d24e1cfc4e2c

SHA512

11cd30cf2d290f90f10e3291a4dd8a0fd6076e0b62d14fd096a842f2a7b55e879ae94618dfe103a5f8cb52a2c97b3ca13d91e4730d668b28e6654145b3941bc6

Malware Config

Extracted

Family dridex
Botnet 40112
C2

94.247.168.64:443

159.203.93.122:8172

50.116.27.97:2303

rc4.plain (key value not shown in the report)
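The C2 endpoints, botnet ID and file hashes in this report are directly usable as indicators. The Python below is an added example, not part of the sandbox report or of any Dridex tooling: it sweeps constructed firewall and EDR log lines for exact IP:port matches against the extracted C2 list and for the sample's hashes, and emits one Suricata rule per C2 endpoint. The log line shapes, hostnames and SID range are assumptions made for illustration; only the IOC values come from the report.

```python
"""Added example (not from the sandbox report): turn the extracted Dridex
config and file hashes into an IOC set and sweep constructed log lines."""
import ipaddress
import re
from dataclasses import dataclass

# IOCs copied from the report's Malware Config and hash fields.
DRIDEX_C2 = {
    ("94.247.168.64", 443),
    ("159.203.93.122", 8172),
    ("50.116.27.97", 2303),
}
DRIDEX_BOTNET = "40112"
SAMPLE_HASHES = {
    "md5": "92c9683a1c7fcf686c03c2ae359eb85c",
    "sha1": "99064e59a4802376b40fe64e9bbca7bea37d4eca",
    "sha256": "39174b5cc7e1f6a79b6bf727ace6b98991c66918e93fb65adb03d24e1cfc4e2c",
}


@dataclass(frozen=True)
class Hit:
    line_no: int
    kind: str        # "c2" or "hash"
    indicator: str
    raw: str


# Assumed log shapes (constructed): a firewall line carrying "dst=IP dport=PORT"
# and an EDR line carrying "md5=HEX" / "sha1=HEX" / "sha256=HEX".
DST_RE = re.compile(r"\bdst=(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dport=(?P<port>\d{1,5})\b")
HASH_RE = re.compile(r"\b(?P<alg>md5|sha1|sha256)=(?P<hex>[0-9a-fA-F]{32,128})\b")


def scan(lines):
    """Return a Hit for every line that touches a C2 endpoint or carries a known hash."""
    hits = []
    hash_set = {v.lower() for v in SAMPLE_HASHES.values()}
    for n, line in enumerate(lines, 1):
        m = DST_RE.search(line)
        if m:
            ip, port = m["ip"], int(m["port"])
            try:
                ipaddress.ip_address(ip)   # reject a garbage dotted-quad match
            except ValueError:
                continue
            # Match on the (ip, port) pair: the same host on another port is not in the IOC set.
            if (ip, port) in DRIDEX_C2:
                hits.append(Hit(n, "c2", f"{ip}:{port}", line))
                continue
        for hm in HASH_RE.finditer(line):
            if hm["hex"].lower() in hash_set:
                hits.append(Hit(n, "hash", hm["hex"].lower(), line))
    return hits


def to_suricata(sid_base=9000001):
    """Emit one Suricata alert rule per C2 endpoint (SID range is an assumption)."""
    rules = []
    for i, (ip, port) in enumerate(sorted(DRIDEX_C2)):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"Dridex botnet {DRIDEX_BOTNET} C2 contact"; '
            f'flow:to_server; sid:{sid_base + i}; rev:1;)'
        )
    return rules


# Constructed log lines for the demonstration; not taken from any real system.
# Line 3 deliberately hits a C2 host on a port that is not in the IOC set.
SAMPLE_LOGS = [
    "2021-04-21T10:12:01Z fw01 action=allow src=10.0.0.23 dst=94.247.168.64 dport=443 proto=tcp",
    "2021-04-21T10:12:05Z fw01 action=allow src=10.0.0.23 dst=142.250.74.46 dport=443 proto=tcp",
    "2021-04-21T10:13:40Z fw01 action=allow src=10.0.0.41 dst=159.203.93.122 dport=443 proto=tcp",
    "2021-04-21T10:14:02Z fw01 action=allow src=10.0.0.41 dst=50.116.27.97 dport=2303 proto=tcp",
    "2021-04-21T10:15:00Z edr host=ws-23 event=file_create path=C:\\Users\\a\\AppData\\Local\\Temp\\x.dll "
    "sha256=39174b5cc7e1f6a79b6bf727ace6b98991c66918e93fb65adb03d24e1cfc4e2c",
]

if __name__ == "__main__":
    for h in scan(SAMPLE_LOGS):
        print(f"line {h.line_no}: {h.kind} match {h.indicator}")
    print("\n".join(to_suricata()))
```

Matching on the IP and port together rather than the IP alone keeps the sweep tied to what the config actually says; the third constructed line (a C2 host on port 443 instead of 8172) produces no hit, which is the intended behaviour, and a looser host-only match should be a separate, lower-confidence rule.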
Targets

Target

39174b5cc7e1f6a79b6bf727ace6b98991c66918e93fb65adb03d24e1cfc4e2c (hashes, size and score as under General)

Signatures

  • Dridex

    Description

    Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing banking credentials.

  • Dridex Loader

    Description

    Detects the Dridex loader, both the x86 and the x64 build, in memory.

  • Checks whether UAC is enabled

    The report does not show how this sample performs the check; the usual implementation reads the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.

    TTPs

    System Information Discovery (T1082)

MITRE ATT&CK Matrix

Discovery: System Information Discovery (T1082), from the "Checks whether UAC is enabled" signature. No techniques were mapped to the other tactics (Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation).

Tasks

static1