b5783c60ed59501cbd39e605097537253c5a51e53e74811621fe6421891a79de

General
Target

b5783c60ed59501cbd39e605097537253c5a51e53e74811621fe6421891a79de

Size

162KB

Sample

210611-nsk9qykxtx

Score
10 /10
MD5

2dc2e943a9fc7786014fa96acf954284

SHA1

9c381532d3ce4fa7b3c6f6e0d00370a3baab7586

SHA256

b5783c60ed59501cbd39e605097537253c5a51e53e74811621fe6421891a79de

SHA512

f2a3c97702a559f62b61c3f491c79737c99b1c7dc32e6c8c7242e8dea77382a24e866018e818b18e1b11c43ef0ad6c4a0dd6d6bbafd50b72c3a8542b612fc567

Malware Config

Extracted

Family dridex
Botnet 40112
C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain
rc4.plain
Targets
Target

b5783c60ed59501cbd39e605097537253c5a51e53e74811621fe6421891a79de

MD5

2dc2e943a9fc7786014fa96acf954284

Filesize

162KB

Score
10 /10
SHA1

9c381532d3ce4fa7b3c6f6e0d00370a3baab7586

SHA256

b5783c60ed59501cbd39e605097537253c5a51e53e74811621fe6421891a79de

SHA512

f2a3c97702a559f62b61c3f491c79737c99b1c7dc32e6c8c7242e8dea77382a24e866018e818b18e1b11c43ef0ad6c4a0dd6d6bbafd50b72c3a8542b612fc567

Tags

Signatures

  • Dridex

    Description

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    Tags

  • Dridex Loader

    Description

    Detects Dridex both x86 and x64 loader in memory.

    Tags

  • Checks whether UAC is enabled

    Tags

    TTPs

    System Information Discovery

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation
                        Tasks

                        static1