General

  • Target

    720b0991fbb9a4f4151aa64c5403cd4c61fde717de02b47fb08a4d6b718a0f6b

  • Size

    162KB

  • Sample

    210615-2ps49mwx92

  • MD5

    530092a11711c2563b0ace500297a43c

  • SHA1

    728df472607e6577162830d278472d981b00ef16

  • SHA256

    720b0991fbb9a4f4151aa64c5403cd4c61fde717de02b47fb08a4d6b718a0f6b

  • SHA512

    b73b240d024d953e1f7f1d2a83f7b2c465a524f9851b0f917f0a32025d649099f71207a778d1433b31ba0fa1cbea9a8ccf774ed9ca97a54c5f044976924dab5e

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing banking credentials.

    • Dridex Loader

      Detects both the x86 and x64 Dridex loader in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks