a7fd598c1eb2a2613029d9a437e3ae7d594e35a65486fc8e42bf76528d144795

General

Target: a7fd598c1eb2a2613029d9a437e3ae7d594e35a65486fc8e42bf76528d144795
Size: 170KB
Sample: 210611-mkxclgatex
Score: 10/10
MD5: 1f9319a16281f56b977c6446eed4725b
SHA1: 8bb02493023f38e558092fe6d3a5c493c36303e3
SHA256: a7fd598c1eb2a2613029d9a437e3ae7d594e35a65486fc8e42bf76528d144795
SHA512: 9a151e57fcb3538a8c97bc34bff41419e2a23ccd5e4cc77d915e0c84e291f502c449d4e9fbbe1d9e6ca16bb78821621c893c5edc94534b17cb8ee6140b4dda86

Malware Config

Extracted

Family: dridex
Botnet: 22201
C2:
  210.65.244.187:443
  162.241.41.92:2303
  46.231.204.10:8172
  185.183.159.100:4125
rc4.plain
Targets
Signatures

  • Dridex
    Description: Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • Dridex Loader
    Description: Detects the Dridex loader, both x86 and x64, in memory.

Tasks

static1
behavioral1
Score: 10/10