b5e47790e27c29cd2a5e083563909a367e095e011365cf5ba657251e36790432

General
Target

b5e47790e27c29cd2a5e083563909a367e095e011365cf5ba657251e36790432

Size

170KB

Sample

210611-vlj48gm9cs

Score
10 /10
MD5

f0fc2d8a1e5b4117087bc0391085503f

SHA1

def0cbe79338251707ca2926b8b0d2f2011fcc5d

SHA256

b5e47790e27c29cd2a5e083563909a367e095e011365cf5ba657251e36790432

SHA512

e3f2fc2529e2502a5e16ec5598cc9d3d57f86b82d4eb2b25ea4c20b1c5a7566bca71ef6d6900a33cfba6ab022a9e6a409d5c479df17c4d22826fa51ab6b50268

Malware Config

Extracted

Family dridex
Botnet 22201
C2

210.65.244.187:443

162.241.41.92:2303

46.231.204.10:8172

185.183.159.100:4125

rc4.plain
rc4.plain
Targets
Target

b5e47790e27c29cd2a5e083563909a367e095e011365cf5ba657251e36790432

MD5

f0fc2d8a1e5b4117087bc0391085503f

Filesize

170KB

Score
10 /10
SHA1

def0cbe79338251707ca2926b8b0d2f2011fcc5d

SHA256

b5e47790e27c29cd2a5e083563909a367e095e011365cf5ba657251e36790432

SHA512

e3f2fc2529e2502a5e16ec5598cc9d3d57f86b82d4eb2b25ea4c20b1c5a7566bca71ef6d6900a33cfba6ab022a9e6a409d5c479df17c4d22826fa51ab6b50268

Tags

Signatures

  • Dridex

    Description

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    Tags

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • Dridex Loader

    Description

    Detects Dridex both x86 and x64 loader in memory.

    Tags

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Tasks

                          static1

                          behavioral1

                          10/10