General

  • Target

    c0f816fa47a5aa12e910eef762af67dc828c6b843a85bd52f988d306e65d991d

  • Size

    161KB

  • Sample

    210511-57kpenjq1j

  • MD5

    7bee2edc50722274dbf45a684e9bd009

  • SHA1

    3a898f5ad75aa3f41a60da307b9c84b881fd0f3d

  • SHA256

    c0f816fa47a5aa12e910eef762af67dc828c6b843a85bd52f988d306e65d991d

  • SHA512

    40fbd3aa20eaebfab610327abdb6c1fe9b2aaa01ed1fccb6b1b7a7bc5556931a811636b5c148ef0838295eb368ed791d29f6f7aa02f79835baa1e1f93ee72905

Malware Config

Extracted

Family

dridex

Botnet

40111

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain

Targets

    • Target

      c0f816fa47a5aa12e910eef762af67dc828c6b843a85bd52f988d306e65d991d

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex x86 and x64 loaders in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery (T1082)

Tasks