General

  • Target

    d66ea0f1cd0b354245960d539d7665927506fcbb893a7743af8188737de33647

  • Size

    170KB

  • Sample

    210611-fenkqz5yex

  • MD5

    f22b55b1d8b15bedddf8f8f74c247630

  • SHA1

    4bf8a69bd493b2a97df745f10f708c2e3aed1538

  • SHA256

    d66ea0f1cd0b354245960d539d7665927506fcbb893a7743af8188737de33647

  • SHA512

    8ac2d19a17376999b4b4267576400537c81d97245c62dc094ed563dec6cc0e5ebe74c7aff12123cb348e53e8eaf1ed731a27f0757a94cb7f4024bf01c520fdf3

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

210.65.244.187:443

162.241.41.92:2303

46.231.204.10:8172

185.183.159.100:4125

rc4.plain
rc4.plain
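The C2 endpoints are the most directly actionable part of the extracted config. The following Python is an added example, not part of the sandbox report or the Dridex family: it matches the four `ip:port` endpoints (tagged with the family and botnet ID) against a few constructed proxy log lines in an assumed `timestamp src dst:port` format, and emits equivalent Suricata rules. The log format, the `Hit` record and the SID range are assumptions for illustration; a destination that hits a C2 host on a different port is reported as a lower-confidence match rather than dropped.

```python
import ipaddress
from dataclasses import dataclass

# Values copied from the extracted config above.
FAMILY = "dridex"
BOTNET = "22201"
C2 = {
    ("210.65.244.187", 443),
    ("162.241.41.92", 2303),
    ("46.231.204.10", 8172),
    ("185.183.159.100", 4125),
}
C2_IPS = {ip for ip, _ in C2}


@dataclass(frozen=True)
class Hit:
    ts: str
    src: str
    dst: str
    port: int
    exact: bool  # True for an ip:port match, False when only the host matched


def parse_line(line):
    """Parse an assumed 'ts src dst:port' log line; return None if malformed."""
    parts = line.split()
    if len(parts) != 3 or ":" not in parts[2]:
        return None
    ts, src, dst_port = parts
    dst, _, port = dst_port.rpartition(":")
    try:
        ipaddress.ip_address(dst)  # rejects garbage in the destination field
        return ts, src, dst, int(port)
    except ValueError:
        return None


def scan(lines):
    """Return Hit records for every line whose destination touches a C2 endpoint."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, dst, port = rec
        if (dst, port) in C2:
            hits.append(Hit(ts, src, dst, port, True))
        elif dst in C2_IPS:
            # Same host, different port: still worth triage, but lower confidence.
            hits.append(Hit(ts, src, dst, port, False))
    return hits


def suricata_rules(base_sid=9000001):
    """One alert rule per C2 endpoint; SID range is an assumption."""
    rules = []
    for i, (ip, port) in enumerate(sorted(C2)):
        msg = f"{FAMILY} botnet {BOTNET} C2 {ip}:{port}"
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} (msg:"{msg}"; '
            f"flow:to_server; sid:{base_sid + i}; rev:1;)"
        )
    return rules


# Constructed sample log lines (not real traffic from this sample).
SAMPLE_LOG = [
    "2021-06-11T10:01:02Z 10.0.0.15 93.184.216.34:443",     # benign
    "2021-06-11T10:01:07Z 10.0.0.15 210.65.244.187:443",    # exact C2 match
    "2021-06-11T10:01:09Z 10.0.0.22 162.241.41.92:80",      # C2 host, other port
    "malformed line",
    "2021-06-11T10:02:30Z 10.0.0.15 185.183.159.100:4125",  # exact C2 match
]

if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(("C2" if h.exact else "C2-host"), h.ts, h.src, f"{h.dst}:{h.port}")
    print("\n".join(suricata_rules()))
```

Running it on the constructed lines reports two exact C2 connections and one lower-confidence hit on a C2 host over port 80; the malformed line is skipped rather than raising.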

Targets

    • Target

      d66ea0f1cd0b354245960d539d7665927506fcbb893a7743af8188737de33647


    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing online banking credentials.

    • Suspicious use of NtCreateProcessExOtherParentProcess (a process was created with a parent other than the calling process, i.e. parent process spoofing)

    • Dridex Loader

      Detects the Dridex loader, both x86 and x64 builds, in memory.

MITRE ATT&CK Matrix

Tasks