c916448e0e655e1c5bccf452efb7604772ee816c9b5f9c11b0a89c17e2942e35

General

Target: c916448e0e655e1c5bccf452efb7604772ee816c9b5f9c11b0a89c17e2942e35
Size: 161KB
Sample: 210504-1pqqn7a9c6
Score: 10/10
MD5: 27bfb49d003b0285b1077e8dc57c8323
SHA1: 45caa2793e1bcf1d1fa63e6f74e03d6d6ce22829
SHA256: c916448e0e655e1c5bccf452efb7604772ee816c9b5f9c11b0a89c17e2942e35
SHA512: 37e6b51c28fc3ea76a50e4f4fa18525b43faf26348d6b9ba2336a64df11745e664693a88ee0c4a56b02390305239d43a9973ae0ec2fa24802cf412778fc568ac

Malware Config (extracted)

Family: dridex
Botnet: 40111
C2:
  • 107.172.227.10:443
  • 172.93.133.123:2303
  • 108.168.61.147:8172
Keys: rc4.plain

Signatures

  • Dridex
    Description: Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

  • Dridex Loader
    Description: Detects both the x86 and x64 Dridex loader in memory.

  • Checks whether UAC is enabled
    TTPs: System Information Discovery

Related Tasks

MITRE ATT&CK Matrix (tactic columns): Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks: static1