General

  • Target

    e6af2a88_by_Libranalysis

  • Size

    160KB

  • Sample

    210511-15w6p626h2

  • MD5

    e6af2a887a21d037654b13a038d4a4c8

  • SHA1

    d64b7a247f5ecfb8c08d0017b12341a493011f31

  • SHA256

    9dc938d4f5181989018631c216be7094f16a2f49e4e4aacbd46993b5d73adb91

  • SHA512

    f96ff5862ac77382e2014112409244e4d786d9972fccd4d2e063a198859f48528ab9a2637497c398ebf9fbb0356ea0aa6b16a7ca9100a502c0ac2c775fc47d1c

Malware Config

Extracted

Family

dridex

Botnet

40111

C2

94.247.168.64:443

159.203.93.122:8172

50.116.27.97:2303

rc4.plain

Targets

    • Target

      e6af2a88_by_Libranalysis


    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects both the x86 and x64 Dridex loader in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery (T1082)

Tasks