General

  • Target

    235e5a1578817c7f3e31cb7d7b1960dbccdc234cc338cbae553c6dc886ba94d2

  • Size

    162KB

  • Sample

    210615-1ykhnppxy2

  • MD5

    9ff457e08f961096a1829f1cc61663cf

  • SHA1

    bfa00bf460841d53953aff8aec124e55c26876bf

  • SHA256

    235e5a1578817c7f3e31cb7d7b1960dbccdc234cc338cbae553c6dc886ba94d2

  • SHA512

    ae3ddb548cea1eb1f63a8f3c70ed13d87cdcda9756bd58662c9e8b339cc79840df25b69dba4cf9f91ba9bcda958eddb6ca0019d1f53656269ec527d579a0b52a

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain

Targets

    • Target

      235e5a1578817c7f3e31cb7d7b1960dbccdc234cc338cbae553c6dc886ba94d2

    • Size

      162KB

    • MD5

      9ff457e08f961096a1829f1cc61663cf

    • SHA1

      bfa00bf460841d53953aff8aec124e55c26876bf

    • SHA256

      235e5a1578817c7f3e31cb7d7b1960dbccdc234cc338cbae553c6dc886ba94d2

    • SHA512

      ae3ddb548cea1eb1f63a8f3c70ed13d87cdcda9756bd58662c9e8b339cc79840df25b69dba4cf9f91ba9bcda958eddb6ca0019d1f53656269ec527d579a0b52a

    • Dridex

      Dridex (known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex x86 and x64 loader in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks