Resubmissions

10-05-2021 09:59

210510-sgk5x1kvh2 10

12-04-2021 14:20

210412-dmsscmm9ax 10

General

  • Target

    f5b51125f061ec607147127715038c7d53e012239fbdb119c76a4907e74ff14d

  • Size

    192KB

  • Sample

    210510-sgk5x1kvh2

  • MD5

    1056cc046bb7a2cd71ae8e967d0b916d

  • SHA1

    b853dff2316760fd734e2ace77e8d12bd76c3d32

  • SHA256

    f5b51125f061ec607147127715038c7d53e012239fbdb119c76a4907e74ff14d

  • SHA512

    6965de3ceae82367500e8e4aeebe9d1009fb8d39a31e9111eb2d0e077113736938d19c7a6ca01f199ebc8e21c916f9d3e51bfa42174cc0a834fb4bdaee7c260a

Malware Config

Extracted

Family

dridex

Botnet

111

C2

77.220.64.135:443

107.180.90.10:6601

31.24.158.56:7275

rc4.plain
rc4.plain

Targets

  • Dridex

    Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

  • Dridex Loader

    Detects both the x86 and x64 Dridex loader in memory.

  • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery

1
T1082

Tasks