General

  • Target

    e82c32ab_by_Libranalysis

  • Size

    162KB

  • Sample

    210511-nvancjwlhj

  • MD5

    e82c32abd367ed0b81f124e5bfb6f14e

  • SHA1

    234686cf93ee3a6ad0d5b2aa1a4e894eb19525e6

  • SHA256

    4e532d2362abcfac7b9ace1dc57133f85bc97fa79a9aee91a6b9103adc3ccfc9

  • SHA512

    57413ce76dc9f382bedbd3b89484acbd7d77d24b0e6514340699de1a097ad377f2acb7f1fa2fae440733c13cef74bf563f29393f7b6851ed08af0322ecbb6682

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex loader (both x86 and x64 builds) in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

System Information Discovery (1): T1082

Tasks