a0005c52d3f6bbdffa318707546743a6839d35450443b8d6ac73b5a9ba7c309d

General

Target: a0005c52d3f6bbdffa318707546743a6839d35450443b8d6ac73b5a9ba7c309d
Size: 170KB
Sample: 210611-kzk8d21rrj
Score: 10/10
MD5: b540ecdb806c2aab38cf91e40898ac5a
SHA1: 54e707b17d4ab12eb209183b17d35614711ea5d8
SHA256: a0005c52d3f6bbdffa318707546743a6839d35450443b8d6ac73b5a9ba7c309d
SHA512: 324d40b6a7d814bf8205b8dcbc820f54c297ebc96fc36e65c0ef7af4a2429e831b11661ddbd5a9b9a272a62b6687158130326cd67000edb1cd63730757cc30a5

Malware Config

Extracted

Family: dridex
Botnet: 22201
C2:
  210.65.244.187:443
  162.241.41.92:2303
  46.231.204.10:8172
  185.183.159.100:4125
rc4.plain
rc4.plain
Signatures

  • Dridex

    Description: Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing banking credentials.

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • Dridex Loader

    Description: Detects the Dridex loader, both x86 and x64 builds, in memory.

Related Tasks

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

  static1
  behavioral1 (score 10/10)