0fea2fa264e0e861daef324f43e81b76c06fa9b0d7de2e4eccf75bae1999568c

General
Target

0fea2fa264e0e861daef324f43e81b76c06fa9b0d7de2e4eccf75bae1999568c

Size

170KB

Sample

210611-l25sdp3zlx

Score
10 /10
MD5

db92e7a0555c45e53014560908462542

SHA1

c1114f6bd3b0687dd63766657e17d13e4f18c054

SHA256

0fea2fa264e0e861daef324f43e81b76c06fa9b0d7de2e4eccf75bae1999568c

SHA512

a4238e8cd1c4281fc52bf4953ce9ec476bf9a8800a8da8b744ed7a1693ca7055584f7a52b73486f26bd842224828dd72a6bb2aeff327293f9b63703c68693736

Malware Config

Extracted

Family dridex
Botnet 22201
C2

210.65.244.187:443

162.241.41.92:2303

46.231.204.10:8172

185.183.159.100:4125

rc4.plain
rc4.plain
Targets
Target

0fea2fa264e0e861daef324f43e81b76c06fa9b0d7de2e4eccf75bae1999568c

MD5

db92e7a0555c45e53014560908462542

Filesize

170KB

Score
10 /10
SHA1

c1114f6bd3b0687dd63766657e17d13e4f18c054

SHA256

0fea2fa264e0e861daef324f43e81b76c06fa9b0d7de2e4eccf75bae1999568c

SHA512

a4238e8cd1c4281fc52bf4953ce9ec476bf9a8800a8da8b744ed7a1693ca7055584f7a52b73486f26bd842224828dd72a6bb2aeff327293f9b63703c68693736

Tags

Signatures

  • Dridex

    Description

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    Tags

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • Dridex Loader

    Description

    Detects Dridex both x86 and x64 loader in memory.

    Tags

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Tasks

                          static1

                          behavioral1

                          10/10