d66ea0f1cd0b354245960d539d7665927506fcbb893a7743af8188737de33647

General
Target

d66ea0f1cd0b354245960d539d7665927506fcbb893a7743af8188737de33647

Size

170KB

Sample

210611-fenkqz5yex

Score
10 /10
MD5

f22b55b1d8b15bedddf8f8f74c247630

SHA1

4bf8a69bd493b2a97df745f10f708c2e3aed1538

SHA256

d66ea0f1cd0b354245960d539d7665927506fcbb893a7743af8188737de33647

SHA512

8ac2d19a17376999b4b4267576400537c81d97245c62dc094ed563dec6cc0e5ebe74c7aff12123cb348e53e8eaf1ed731a27f0757a94cb7f4024bf01c520fdf3

Malware Config

Extracted

Family dridex
Botnet 22201
C2

210.65.244.187:443

162.241.41.92:2303

46.231.204.10:8172

185.183.159.100:4125

rc4.plain
rc4.plain
Targets
Target

d66ea0f1cd0b354245960d539d7665927506fcbb893a7743af8188737de33647

MD5

f22b55b1d8b15bedddf8f8f74c247630

Filesize

170KB

Score
10 /10
SHA1

4bf8a69bd493b2a97df745f10f708c2e3aed1538

SHA256

d66ea0f1cd0b354245960d539d7665927506fcbb893a7743af8188737de33647

SHA512

8ac2d19a17376999b4b4267576400537c81d97245c62dc094ed563dec6cc0e5ebe74c7aff12123cb348e53e8eaf1ed731a27f0757a94cb7f4024bf01c520fdf3

Tags

Signatures

  • Dridex

    Description

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    Tags

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • Dridex Loader

    Description

    Detects Dridex both x86 and x64 loader in memory.

    Tags

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Tasks

                          static1

                          behavioral1

                          10/10