9475437e7dab319211228bf7981b9108e9e17e59dd9fb4d2dc2e42471e5df0f7

General
Target

9475437e7dab319211228bf7981b9108e9e17e59dd9fb4d2dc2e42471e5df0f7

Size

162KB

Sample

210504-2xk9gcfxxx

Score

10/10
MD5

23b48f808cc466bc3c7dd82a1fabf77e

SHA1

b118a2255d9d1cff31884561c9fa83c6aecd4532

SHA256

9475437e7dab319211228bf7981b9108e9e17e59dd9fb4d2dc2e42471e5df0f7

SHA512

835285ed1ed89bf8b83d9460845bba0c77e4d517edd50caa31a7ee2db3d544d2269c1f8ff5589cb58ed612398dace22db3617546f87686bbb64802c3f3221d02

Malware Config

Extracted

Family dridex
Botnet 40112
C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain
rc4.plain
Signatures

  • Dridex

    Description

    Dridex (known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

  • Dridex Loader

    Description

    Detects the Dridex loader, both x86 and x64, in memory.

  • Checks whether UAC is enabled

    TTPs

    System Information Discovery

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1