General

  • Target

    d3fbedb8de5a9cfe7465d778e60c2ae67069f1d5f22365876b7bc39cf39ad6e3

  • Size

    162KB

  • Sample

    210511-9rrmldeqm6

  • MD5

    8fd79de945684ea29a7639b6426a3ca5

  • SHA1

    a6053ae05ad5ab81bb0af42e430e0d643d293826

  • SHA256

    d3fbedb8de5a9cfe7465d778e60c2ae67069f1d5f22365876b7bc39cf39ad6e3

  • SHA512

    9254eb273e388ee1225e0ee020c75dd0de40642fadadb8a710c2a51238ce9dc9f12d1fa0faf87645fc4195aa002d0e7a42f2b33ae3927cc6d9350ac635ddc599

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain
rc4.plain

Targets

    • Target

      d3fbedb8de5a9cfe7465d778e60c2ae67069f1d5f22365876b7bc39cf39ad6e3

    • Size

      162KB

    • MD5

      8fd79de945684ea29a7639b6426a3ca5

    • SHA1

      a6053ae05ad5ab81bb0af42e430e0d643d293826

    • SHA256

      d3fbedb8de5a9cfe7465d778e60c2ae67069f1d5f22365876b7bc39cf39ad6e3

    • SHA512

      9254eb273e388ee1225e0ee020c75dd0de40642fadadb8a710c2a51238ce9dc9f12d1fa0faf87645fc4195aa002d0e7a42f2b33ae3927cc6d9350ac635ddc599

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery

1
T1082

Tasks