fb799e59266f394a123fcbbff3da8b052baff387ee8fd25926d9a8484f17f996

General
Target: fb799e59266f394a123fcbbff3da8b052baff387ee8fd25926d9a8484f17f996
Size: 170KB
Sample: 210611-n3d34nqf5j
Score: 10/10
MD5: e8522290a002d46fc08c310386a3c658
SHA1: e516e264fb1150c131538601f1b92bc68d7e73f0
SHA256: fb799e59266f394a123fcbbff3da8b052baff387ee8fd25926d9a8484f17f996
SHA512: 37bbcda86fb4c8fa9db8e23f2202f145068650a34fa9b2679f15929feaf0e3edeb6819a696002b5c8afbcaff35057ee67f175fd2a95b063b099bbc1cebe17d05

Malware Config

Extracted
Family: dridex
Botnet: 22201
C2:
  210.65.244.187:443
  162.241.41.92:2303
  46.231.204.10:8172
  185.183.159.100:4125
rc4.plain
rc4.plain
Targets
Target: fb799e59266f394a123fcbbff3da8b052baff387ee8fd25926d9a8484f17f996
MD5: e8522290a002d46fc08c310386a3c658
Filesize: 170KB
Score: 10/10
SHA1: e516e264fb1150c131538601f1b92bc68d7e73f0
SHA256: fb799e59266f394a123fcbbff3da8b052baff387ee8fd25926d9a8484f17f996
SHA512: 37bbcda86fb4c8fa9db8e23f2202f145068650a34fa9b2679f15929feaf0e3edeb6819a696002b5c8afbcaff35057ee67f175fd2a95b063b099bbc1cebe17d05
Tags

Signatures

  • Dridex
    Description: Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • Dridex Loader
    Description: Detects both the x86 and x64 Dridex loader in memory.

Related Tasks

MITRE ATT&CK Matrix
Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks
static1
behavioral1
10/10