ca99cd0cb4715388eb762b699d2b2aa8541705c55f4aa54c17a41158cb17f8e4

General
Target

ca99cd0cb4715388eb762b699d2b2aa8541705c55f4aa54c17a41158cb17f8e4

Size

162KB

Sample

210611-r7dcepn6ss

Score
10 /10
MD5

b08afb43a0ab3361eda52c957177e30f

SHA1

fef2692789cc795ebdd94b0cd177bc9d19565041

SHA256

ca99cd0cb4715388eb762b699d2b2aa8541705c55f4aa54c17a41158cb17f8e4

SHA512

d81800936f227c594518000f8ce97bd5a919663fc2cbca48946e66760c05f03e193f2657b0ec1e5641dd9cb8d652b65f383f3d4760b7c006d9e9384a66324862

Malware Config

Extracted

Family dridex
Botnet 40112
C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain
rc4.plain
Targets
Target

ca99cd0cb4715388eb762b699d2b2aa8541705c55f4aa54c17a41158cb17f8e4

MD5

b08afb43a0ab3361eda52c957177e30f

Filesize

162KB

Score
10 /10
SHA1

fef2692789cc795ebdd94b0cd177bc9d19565041

SHA256

ca99cd0cb4715388eb762b699d2b2aa8541705c55f4aa54c17a41158cb17f8e4

SHA512

d81800936f227c594518000f8ce97bd5a919663fc2cbca48946e66760c05f03e193f2657b0ec1e5641dd9cb8d652b65f383f3d4760b7c006d9e9384a66324862

Tags

Signatures

  • Dridex

    Description

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    Tags

  • Dridex Loader

    Description

    Detects Dridex both x86 and x64 loader in memory.

    Tags

  • Checks whether UAC is enabled

    Tags

    TTPs

    System Information Discovery

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation
                        Tasks

                        static1