General

  • Target

    0fea2fa264e0e861daef324f43e81b76c06fa9b0d7de2e4eccf75bae1999568c

  • Size

    170KB

  • Sample

    210611-l25sdp3zlx

  • MD5

    db92e7a0555c45e53014560908462542

  • SHA1

    c1114f6bd3b0687dd63766657e17d13e4f18c054

  • SHA256

    0fea2fa264e0e861daef324f43e81b76c06fa9b0d7de2e4eccf75bae1999568c

  • SHA512

    a4238e8cd1c4281fc52bf4953ce9ec476bf9a8800a8da8b744ed7a1693ca7055584f7a52b73486f26bd842224828dd72a6bb2aeff327293f9b63703c68693736

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

210.65.244.187:443

162.241.41.92:2303

46.231.204.10:8172

185.183.159.100:4125

rc4.plain
rc4.plain

Targets

    • Target

      0fea2fa264e0e861daef324f43e81b76c06fa9b0d7de2e4eccf75bae1999568c

    • Size

      170KB

    • MD5

      db92e7a0555c45e53014560908462542

    • SHA1

      c1114f6bd3b0687dd63766657e17d13e4f18c054

    • SHA256

      0fea2fa264e0e861daef324f43e81b76c06fa9b0d7de2e4eccf75bae1999568c

    • SHA512

      a4238e8cd1c4281fc52bf4953ce9ec476bf9a8800a8da8b744ed7a1693ca7055584f7a52b73486f26bd842224828dd72a6bb2aeff327293f9b63703c68693736

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

MITRE ATT&CK Matrix

Tasks