2ce9ea3c8aee379c5ea085a32452ec00cf52d87c0333e86e069c34f3aaefabdd

General

Target: 2ce9ea3c8aee379c5ea085a32452ec00cf52d87c0333e86e069c34f3aaefabdd
Size: 170KB
Sample: 210611-n4bpfevd9x
Score: 10/10
MD5: fa38d64ccd1d36e1062f3b8adc84f3f0
SHA1: 2b18585faa29ea574ea4bb354929c3fc2df093cb
SHA256: 2ce9ea3c8aee379c5ea085a32452ec00cf52d87c0333e86e069c34f3aaefabdd
SHA512: 7d525c28474699f4fdcba1ce7262c19f62e9b9efd82710e7fdeb174161e54f54105da769e33b2ebbbd8aa479cc9487f743e1ceeb65a3af4c5a407f275f5d996a

Malware Config

Extracted

Family: dridex
Botnet: 22201
C2:

210.65.244.187:443
162.241.41.92:2303
46.231.204.10:8172
185.183.159.100:4125

rc4.plain
rc4.plain
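The C2 list above is the part of this report a responder acts on. What follows is an added example, not part of the sandbox report or of any vendor's tooling: it parses the C2 block and the file hashes copied from this page into a small IOC matcher and runs it over constructed proxy/firewall log lines (the log format, the internal addresses, the 203.0.113.5 destination and the confidence labels are assumptions for the example). It distinguishes an exact ip:port match from a connection to a C2 host on a different port, since the endpoints here sit on non-standard ports, and it still flags denied connections, because the attempt itself is the indicator.

```python
"""Turn the indicators in the report above into a small IOC matcher.

Added example, not part of the sandbox report or of any vendor tool.
Hashes and C2 endpoints are copied from the report; everything else
(the log format, the log lines, the confidence levels) is constructed.
"""
import hashlib
import ipaddress

# Copied verbatim from the "Malware Config" section above.
REPORT_C2_BLOCK = """
210.65.244.187:443
162.241.41.92:2303
46.231.204.10:8172
185.183.159.100:4125
"""

# File hashes copied from the "General" section above.
SAMPLE_HASHES = {
    "md5": "fa38d64ccd1d36e1062f3b8adc84f3f0",
    "sha1": "2b18585faa29ea574ea4bb354929c3fc2df093cb",
    "sha256": "2ce9ea3c8aee379c5ea085a32452ec00cf52d87c0333e86e069c34f3aaefabdd",
}


def parse_c2_block(text):
    """Parse 'ip:port' lines into a set of (ip, port) tuples.

    Lines that are not a literal IP address plus a numeric port are skipped,
    so stray text from a copy-paste does not become an indicator.
    """
    endpoints = set()
    for raw in text.splitlines():
        host, sep, port = raw.strip().rpartition(":")
        if not sep or not port.isdigit():
            continue
        host = host.strip("[]")  # tolerate bracketed IPv6 literals
        try:
            ipaddress.ip_address(host)
        except ValueError:
            continue
        endpoints.add((host, int(port)))
    return endpoints


C2_ENDPOINTS = parse_c2_block(REPORT_C2_BLOCK)
C2_HOSTS = {host for host, _ in C2_ENDPOINTS}


def matches_sample(data):
    """Return the hash algorithm under which data matches the report's sample, else None."""
    for algo, expected in SAMPLE_HASHES.items():
        if hashlib.new(algo, data).hexdigest() == expected:
            return algo
    return None


def scan_log(lines, endpoints=None):
    """Flag connections to the C2 endpoints in a constructed proxy/firewall log.

    Assumed log format (not a real product's):
        <timestamp> <src_ip> <src_port> <dst_ip> <dst_port> <proto> <action>

    An exact ip:port match is "high"; a match on a C2 host with a different
    port is "medium", since the C2 here uses non-standard ports and the same
    host on another port still deserves a look. Denied connections are kept:
    the attempt is the signal, not whether it succeeded.
    """
    endpoints = C2_ENDPOINTS if endpoints is None else endpoints
    hosts = {host for host, _ in endpoints}
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5 or not parts[4].isdigit():
            continue
        ts, src, dst, dport = parts[0], parts[1], parts[3], int(parts[4])
        if (dst, dport) in endpoints:
            confidence = "high"
        elif dst in hosts:
            confidence = "medium"
        else:
            continue
        hits.append({"ts": ts, "src": src, "dst": dst, "dport": dport,
                     "confidence": confidence,
                     "action": parts[6] if len(parts) > 6 else ""})
    return hits


# Constructed log lines for this example; 203.0.113.5 is a documentation
# address standing in for ordinary traffic, the 10.0.0.x hosts are invented.
CONSTRUCTED_LOG = """\
2021-06-11T10:04:01Z 10.0.0.15 49211 203.0.113.5 443 TCP allow
2021-06-11T10:04:03Z 10.0.0.15 49212 210.65.244.187 443 TCP allow
2021-06-11T10:04:09Z 10.0.0.23 51002 162.241.41.92 2303 TCP deny
2021-06-11T10:05:44Z 10.0.0.15 49220 46.231.204.10 80 TCP allow
"""


if __name__ == "__main__":
    for hit in scan_log(CONSTRUCTED_LOG.splitlines()):
        print(hit)
```

The hash indicators identify this exact build and do not age; the network indicators do. The sample ID dates the analysis to June 2021, so before acting on a hit against these addresses check whether the IP is still associated with the botnet, and treat a host-only (medium) match as a lead to pivot on rather than a confirmed infection.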
Targets

Target: 2ce9ea3c8aee379c5ea085a32452ec00cf52d87c0333e86e069c34f3aaefabdd (170KB, score 10/10; MD5, SHA1, SHA256 and SHA512 as listed under General)
Tags

Signatures

  • Dridex

    Description

    Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    Tags

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • Dridex Loader

    Description

    Detects the Dridex loader (both x86 and x64 builds) in memory.

    Tags

Related Tasks

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1

behavioral1

10/10