General

  • Target

    cd47cfa1b8f95bfe7549078e1981f828a99901aa562af5de711e7f505e884db9

  • Size

    162KB

  • Sample

    210615-844cz9ze9n

  • MD5

    5d046d8b37add35b6bf27e6acb3242fb

  • SHA1

    75f59071a5b511fcfaf3215aca4f2de6dd323394

  • SHA256

    cd47cfa1b8f95bfe7549078e1981f828a99901aa562af5de711e7f505e884db9

  • SHA512

    f0ea15b8bee489e8dc51e060f0a9795462f5c325c15eca2aaf9d1e7becfcf11efb78888f83bfb26fd901f0914e4aabf2a33197da8dbb259a03f2e579b870c771

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex loader, both x86 and x64, in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks