51fab9bee41b454dfb76104ed9ca6c95e2c25859eb6ac9cd20c6b11ca5b8d602

General

Target: 51fab9bee41b454dfb76104ed9ca6c95e2c25859eb6ac9cd20c6b11ca5b8d602
Size: 162KB
Sample: 210611-3rr58z5wbn
Score: 10/10
MD5: 5fd3ccf6a9075bd70b07e948e76d55cb
SHA1: 799d1bbf274472954f38213a59051a116782eb57
SHA256: 51fab9bee41b454dfb76104ed9ca6c95e2c25859eb6ac9cd20c6b11ca5b8d602
SHA512: 6c9bc6c65ac5729c8b87c8d456c9b09662c3c29f70935b7182e4a33cb58c66e89f416a06a6da6f76f0dacbfd9d49cf81af20ec4d3eb65f63e7431902a706793c

Malware Config

Extracted

Family: dridex
Botnet: 40112
C2:
  107.172.227.10:443
  172.93.133.123:2303
  108.168.61.147:8172
rc4.plain
rc4.plain
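The extracted C2 list is the most directly actionable part of this report. As an added example that is not part of the sandbox output, the Python below sweeps firewall log lines for connections to the three extracted endpoints. The log lines, their key=value layout, field names and timestamps are constructed for illustration; only the IP:port pairs come from the report. An exact IP:port match is treated as high confidence, while an IP-only match is kept as a hunting lead, because Dridex operators rotate infrastructure and the listed hosts may be compromised legitimate servers carrying other traffic. A denied connection is still recorded: a blocked beacon is evidence of an infected source host, not a clean one.

```python
"""IOC sweep for the Dridex botnet 40112 C2 endpoints in this report.

Added example, not part of the sandbox report. The log format below is an
assumption (generic key=value firewall events); only the C2 pairs are real.
"""
import ipaddress
import re
from dataclasses import dataclass

# C2 endpoints exactly as extracted in the report's Malware Config section.
DRIDEX_40112_C2 = {
    ("107.172.227.10", 443),
    ("172.93.133.123", 2303),
    ("108.168.61.147", 8172),
}

# Constructed sample log lines (assumed key=value format, not real traffic).
SAMPLE_LOGS = """\
ts=2021-06-11T10:02:13Z src=10.0.5.23 dst=107.172.227.10 dport=443 proto=tcp action=allow
ts=2021-06-11T10:02:14Z src=10.0.5.23 dst=142.250.74.110 dport=443 proto=tcp action=allow
ts=2021-06-11T10:02:19Z src=10.0.5.23 dst=172.93.133.123 dport=2303 proto=tcp action=allow
ts=2021-06-11T10:03:01Z src=10.0.5.44 dst=108.168.61.147 dport=80 proto=tcp action=allow
ts=2021-06-11T10:03:07Z src=10.0.5.23 dst=108.168.61.147 dport=8172 proto=tcp action=deny
"""

_KV = re.compile(r"(\w+)=(\S+)")


@dataclass(frozen=True)
class Hit:
    ts: str
    src: str
    dst: str
    dport: int
    exact: bool  # True: IP and port both match the config; False: IP only


def parse_line(line):
    """Split one key=value log line into a dict (empty dict if unparseable)."""
    return dict(_KV.findall(line))


def sweep(log_text, c2=DRIDEX_40112_C2):
    """Return a Hit for every event whose destination is a known C2 host.

    Denied connections are included on purpose: a blocked beacon still
    identifies an infected source host.
    """
    c2_ips = {ip for ip, _ in c2}
    hits = []
    for line in log_text.splitlines():
        fields = parse_line(line)
        if "dst" not in fields:
            continue
        try:
            dst = str(ipaddress.ip_address(fields["dst"]))
            dport = int(fields.get("dport", 0))
        except ValueError:
            continue  # malformed address or port; skip rather than crash
        if dst in c2_ips:
            hits.append(Hit(fields.get("ts", ""), fields.get("src", ""),
                            dst, dport, (dst, dport) in c2))
    return hits


def affected_hosts(hits):
    """Internal sources with at least one exact IP:port match, for triage."""
    return sorted({h.src for h in hits if h.exact})


if __name__ == "__main__":
    for h in sweep(SAMPLE_LOGS):
        tag = "C2 match" if h.exact else "C2 host, non-config port (hunt)"
        print(f"{h.ts} {h.src} -> {h.dst}:{h.dport}  {tag}")
    print("hosts to isolate:", affected_hosts(sweep(SAMPLE_LOGS)))
```

On the constructed input this yields four hits: three exact matches from 10.0.5.23 (one of them a denied connection) and one IP-only match from 10.0.5.44 to 108.168.61.147 on port 80, which is reported as a lead rather than a confirmed infection. Port matching is what keeps the false-positive rate down; drop it deliberately when hunting, not by default.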
Targets

Target: 51fab9bee41b454dfb76104ed9ca6c95e2c25859eb6ac9cd20c6b11ca5b8d602 (162KB, score 10/10; MD5, SHA1, SHA256 and SHA512 as listed under General above)
Signatures

  • Dridex

    Description: Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing online banking credentials.

  • Dridex Loader

    Description: Detects both the x86 and x64 Dridex loader in memory.

  • Checks whether UAC is enabled

    TTPs: System Information Discovery (T1082)

Related Tasks

MITRE ATT&CK Matrix

Tactic columns in the report: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation. The only technique mapped on this page is System Information Discovery (T1082), from the "Checks whether UAC is enabled" signature.

Tasks

static1