General

  • Target

    391208225c173d79026f69b45a2b1e495088d066bfd428aca74d571b4945418f

  • Size

    170KB

  • Sample

    210611-v858cr3snx

  • MD5

    8a7b91c2f8ec8cba216727f307e3c9a9

  • SHA1

    e04be849f966b6da7650db0c026052941660d7fb

  • SHA256

    391208225c173d79026f69b45a2b1e495088d066bfd428aca74d571b4945418f

  • SHA512

    d8da6c5106bfa6de015fd6a667fa71021b1982d80b0db66acfc96ac51c520c5ecf99bf83c43f3586d3dd9ded3563c07015bd4148ad128bb0a50c3bfed91f5499

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

210.65.244.187:443

162.241.41.92:2303

46.231.204.10:8172

185.183.159.100:4125

rc4.plain
rc4.plain
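The extracted configuration and the sample digests above, turned into checkable IOCs in an added example that is not part of the sandbox report or of any Dridex tooling: it validates each C2 entry, flags the endpoints on non-standard ports, emits one Suricata alert per endpoint, and checks a local file against the listed digests. The SID range, the `$HOME_NET` variable and the function names are assumptions; the `rc4.plain` fields carry no value in the extract, so no config decryption is attempted.

```python
"""Added helper: turn the extracted Dridex config into IOCs and rules."""
import hashlib
import ipaddress
import re

# Values copied from the report above.
SAMPLE_HASHES = {
    "md5": "8a7b91c2f8ec8cba216727f307e3c9a9",
    "sha1": "e04be849f966b6da7650db0c026052941660d7fb",
    "sha256": "391208225c173d79026f69b45a2b1e495088d066bfd428aca74d571b4945418f",
}
BOTNET_ID = "22201"
C2_LINES = [
    "210.65.244.187:443",
    "162.241.41.92:2303",
    "46.231.204.10:8172",
    "185.183.159.100:4125",
]

_C2_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d{1,5})$")


def parse_c2(entry):
    """Parse one 'ip:port' line from the config into (ip, port).

    Rejects malformed entries and non-routable addresses so that a bad
    extraction never becomes a rule that alerts on internal traffic.
    """
    m = _C2_RE.match(entry.strip())
    if not m:
        raise ValueError(f"malformed C2 entry: {entry!r}")
    ip = ipaddress.ip_address(m["ip"])  # raises ValueError on octets > 255
    port = int(m["port"])
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range in C2 entry: {entry!r}")
    if ip.is_private or ip.is_loopback or ip.is_multicast or ip.is_reserved:
        raise ValueError(f"non-routable address in C2 entry: {entry!r}")
    return str(ip), port


def is_valid_c2(entry):
    """True if parse_c2 accepts the entry, False if it rejects it."""
    try:
        parse_c2(entry)
    except ValueError:
        return False
    return True


def nonstandard_port_c2s(entries):
    """C2 endpoints not on 80/443; these stand out in egress (firewall/proxy) logs."""
    return [(ip, port) for ip, port in map(parse_c2, entries) if port not in (80, 443)]


def suricata_rules(entries, botnet=BOTNET_ID, base_sid=9000000):
    """Emit one outbound-connection alert per C2 endpoint.

    The SID range is an assumption; choose one that does not collide
    with rulesets already loaded on the sensor.
    """
    rules = []
    for i, entry in enumerate(entries):
        ip, port = parse_c2(entry)
        rules.append(
            f"alert tcp $HOME_NET any -> {ip} {port} "
            f'(msg:"Dridex botnet {botnet} C2 {ip}:{port}"; '
            f"flow:to_server; sid:{base_sid + i}; rev:1;)"
        )
    return rules


def _digests(chunks):
    hashers = {n: hashlib.new(n) for n in ("md5", "sha1", "sha256", "sha512")}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {n: h.hexdigest() for n, h in hashers.items()}


def hash_bytes(data):
    """MD5/SHA1/SHA256/SHA512 of a blob, computed in one pass like a sandbox does."""
    return _digests([data])


def hash_file(path, chunk_size=1 << 20):
    """Same digests for a file on disk, streamed so large samples are not read whole."""
    with open(path, "rb") as fh:
        return _digests(iter(lambda: fh.read(chunk_size), b""))


def matches_sample(digests, known=SAMPLE_HASHES):
    """True only if every digest listed in the report agrees with the computed ones."""
    return all(digests.get(name) == value for name, value in known.items())


if __name__ == "__main__":
    import sys
    for rule in suricata_rules(C2_LINES):
        print(rule)
    print("non-standard ports:", nonstandard_port_c2s(C2_LINES))
    if len(sys.argv) > 1:
        print("sample match:", matches_sample(hash_file(sys.argv[1])))
```

Run with a file path to compare it against the report's hashes; without one it only prints the rules. Three of the four endpoints use high, non-standard ports, which is the easier hunting pivot in egress logs than the 443 endpoint.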

Targets

    • Target

      391208225c173d79026f69b45a2b1e495088d066bfd428aca74d571b4945418f

    • Size

      170KB

    • MD5

      8a7b91c2f8ec8cba216727f307e3c9a9

    • SHA1

      e04be849f966b6da7650db0c026052941660d7fb

    • SHA256

      391208225c173d79026f69b45a2b1e495088d066bfd428aca74d571b4945418f

    • SHA512

      d8da6c5106bfa6de015fd6a667fa71021b1982d80b0db66acfc96ac51c520c5ecf99bf83c43f3586d3dd9ded3563c07015bd4148ad128bb0a50c3bfed91f5499

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing online banking credentials.

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Dridex Loader

      Detects the Dridex x86 and x64 loader in memory.

MITRE ATT&CK Matrix

Tasks