hNrs45j2n3mLRl0.php

General

Target: hNrs45j2n3mLRl0.php
Size: 160KB
Sample: 210426-8qlazbr1y2
Score: 10/10
MD5: 86c9a71bbf9af242abc7e7d81fd25d06
SHA1: 52ed6deb879e77400e0d643dc8a11dfe94553c08
SHA256: c7df6924710bd79de0a0bd5397659f925148fed9a567c0abde60a0432cb80bee
SHA512: 7c396b444c74c4c30f3e82b29d9d073ca90f085b98b72528c3de5fd524e4387a7ea7627e7a043b0458689c007736a9347479f66ec45637234737dbb50ea8436d

Malware Config

Extracted

Family: dridex
Botnet: 40111
C2:
  185.148.168.240:443
  162.216.125.131:2303
  193.200.130.178:8172
rc4.plain
Targets

Target: hNrs45j2n3mLRl0.php (160KB, score 10/10, MD5 86c9a71bbf9af242abc7e7d81fd25d06; full hashes listed under General)
Tags

Signatures

  • Dridex

    Description: Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    Tags

  • Dridex Loader

    Description: Detects both the x86 and x64 Dridex loader in memory.

    Tags

Related Tasks

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1
behavioral1: 10/10
behavioral2: 10/10