General

  • Target

    c91baa6a_by_Libranalysis

  • Size

    162KB

  • Sample

    210511-r8mdzm7sq6

  • MD5

    c91baa6a8bfe300484906a2988fc64e8

  • SHA1

    565fe97103fcd9347255dc30ae87563b5a7c6e77

  • SHA256

    ddb93073f8dc41b31e5a923da78538f04f0999d5f1dac94ed52b1f6e960e5376

  • SHA512

    98a856f5df97ad908db043c0c0a4fccdc9a13ae4fc69fcfa21419fba4974eeddfa0b3787a4b36e567994a0b00e341c6de9bf25094e8e80cda3ea201d0fa6488b

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain
rc4.plain

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex loader, both x86 and x64, in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • System Information Discovery (T1082): 1

Tasks