General

  • Target

    5d7e1dd04a64c27fc1c71a0a8267a445b0b0ced82c4d67d9e9b41463795a8391

  • Size

    158KB

  • Sample

    210611-c1enj8arba

  • MD5

    547be82b9b64a5d9ea30867b29962a56

  • SHA1

    0b01ec2a8fb0b4c536eeb4672eebc9a182a4e203

  • SHA256

    5d7e1dd04a64c27fc1c71a0a8267a445b0b0ced82c4d67d9e9b41463795a8391

  • SHA512

    c828b5b6272fa6eebef6526d62f5a07106de469e13212427ed8c2b659457e2921d1eed825c6117062180fb9d88f94a5fe21f0a56d07a721cd336e5f82a9b7099

Malware Config

Extracted

  • Family

    dridex

  • Botnet

    40112

  • C2

    8.210.53.215:443
    72.249.22.245:2303
    188.40.137.206:8172

rc4.plain
rc4.plain
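The botnet ID and the three C2 endpoints above are the actionable indicators in this report. The following is an added example (not part of the sandbox output) showing how an analyst might turn them into detections: it matches connection records against the extracted ip:port pairs, flagging exact hits separately from IP-only hits on a different port, and emits one Suricata rule per endpoint. The conn.log-style lines are constructed for the example, and the Suricata sid range is an arbitrary assumption.

```python
"""Detections built from the Dridex config extracted in this report.

Added example, not sandbox output. Family, botnet ID and C2 endpoints are
taken from the report; the log lines below are constructed test data.
"""
import ipaddress
from dataclasses import dataclass

# Values from the extracted config on this page.
DRIDEX_BOTNET = "40112"
DRIDEX_C2 = {
    ("8.210.53.215", 443),
    ("72.249.22.245", 2303),
    ("188.40.137.206", 8172),
}

# Constructed sample records in a Zeek conn.log-like tab-separated layout:
# ts  uid  id.orig_h  id.orig_p  id.resp_h  id.resp_p  proto
SAMPLE_CONN_LOG = """\
1623400001.1\tCk1\t10.0.0.12\t49211\t8.210.53.215\t443\ttcp
1623400002.4\tCk2\t10.0.0.12\t49212\t93.184.216.34\t443\ttcp
1623400003.9\tCk3\t10.0.0.15\t49876\t72.249.22.245\t2303\ttcp
1623400004.2\tCk4\t10.0.0.15\t49877\t72.249.22.245\t80\ttcp
1623400005.7\tCk5\t10.0.0.20\t50001\t188.40.137.206\t8172\ttcp
"""


@dataclass(frozen=True)
class Hit:
    ts: str
    src: str
    dst: str
    dport: int
    exact: bool  # True for an ip:port match, False for IP-only (other port)


def parse_conn_line(line):
    """Return (ts, src, dst, dport) for one record, or None if malformed."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) < 7:
        return None
    ts, _uid, orig_h, _orig_p, resp_h, resp_p, _proto = fields[:7]
    try:
        ipaddress.ip_address(resp_h)  # reject garbage in the responder column
        return ts, orig_h, resp_h, int(resp_p)
    except ValueError:
        return None


def match_c2(log_text, c2=DRIDEX_C2):
    """Scan connection records and return hits against the C2 set.

    An IP-only hit (known C2 host, unexpected port) is still worth a look:
    it may be a config rotation or a probe, so it is reported but flagged.
    """
    c2_ips = {ip for ip, _ in c2}
    hits = []
    for line in log_text.splitlines():
        parsed = parse_conn_line(line)
        if parsed is None:
            continue
        ts, src, dst, dport = parsed
        if (dst, dport) in c2:
            hits.append(Hit(ts, src, dst, dport, exact=True))
        elif dst in c2_ips:
            hits.append(Hit(ts, src, dst, dport, exact=False))
    return hits


def suricata_rules(c2=DRIDEX_C2, botnet=DRIDEX_BOTNET, base_sid=9000000):
    """Emit one Suricata rule per C2 endpoint. The sid range is an assumption;
    pick one that does not collide with your existing rulesets."""
    rules = []
    for i, (ip, port) in enumerate(sorted(c2)):
        rules.append(
            f"alert tcp $HOME_NET any -> {ip} {port} "
            f'(msg:"Dridex botnet {botnet} C2 {ip}:{port}"; '
            f"flow:to_server; sid:{base_sid + i}; rev:1;)"
        )
    return rules


if __name__ == "__main__":
    for h in match_c2(SAMPLE_CONN_LOG):
        print(("C2   " if h.exact else "C2-ip") + f" {h.ts} {h.src} -> {h.dst}:{h.dport}")
    print("\n".join(suricata_rules()))
```

Two of the three C2 ports (443 and the high ports) carry TLS in Dridex traffic, so the network rules above match on destination only; pair them with the file hashes from the General section for host-side confirmation.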

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing banking credentials.

    • Dridex Loader

      Detects the Dridex loader (both x86 and x64 builds) in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    System Information Discovery (T1082): 1 signature

Tasks