5123dd0a5fa5899613b8c4fe66ed2a56e980bfcdc96dbf4d4a147b490049ad38

General
Target

5123dd0a5fa5899613b8c4fe66ed2a56e980bfcdc96dbf4d4a147b490049ad38

Size

162KB

Sample

210422-mvcleny1xx

Score

10/10
MD5

6d6c8365e8775db92d308e495c8548ec

SHA1

b7448f21cb819414feb7072d4b19dae1e0bd11c2

SHA256

5123dd0a5fa5899613b8c4fe66ed2a56e980bfcdc96dbf4d4a147b490049ad38

SHA512

617278570766a200a4db19ad5349f726822e832ca4d0d695cdc621b2a001044f1cc216368ce7453f53c785d46ff944c810a7e6ffe7b4ada3a52e0af16393e790

Malware Config

Extracted

Family

dridex

Botnet

40112
C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain
rc4.plain
Targets
Target

5123dd0a5fa5899613b8c4fe66ed2a56e980bfcdc96dbf4d4a147b490049ad38

MD5

6d6c8365e8775db92d308e495c8548ec

Filesize

162KB

Score

10/10
SHA1

b7448f21cb819414feb7072d4b19dae1e0bd11c2

SHA256

5123dd0a5fa5899613b8c4fe66ed2a56e980bfcdc96dbf4d4a147b490049ad38

SHA512

617278570766a200a4db19ad5349f726822e832ca4d0d695cdc621b2a001044f1cc216368ce7453f53c785d46ff944c810a7e6ffe7b4ada3a52e0af16393e790

Signatures

  • Dridex

    Description

    Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

  • Dridex Loader

    Description

    Detects the Dridex loader, both x86 and x64 variants, in memory.

  • Checks whether UAC is enabled

    TTPs

    System Information Discovery

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation

Tasks

                        static1