General

  • Target: 5c43bf533809785a3292622b9fec6b2fa34027362c7e8badaebe08193f318697

  • Size: 162KB

  • Sample: 210615-8az7zyr1gj

  • MD5: c3660e9a93767c6b6f560196b8374a5a

  • SHA1: cde5d105ed7b9598c6b838c111b7fe61291643e7

  • SHA256: 5c43bf533809785a3292622b9fec6b2fa34027362c7e8badaebe08193f318697

  • SHA512: 65b1bca9b7660fe71b250d4253078146fdd7adf0a64a31381d5b596f5c1045c4d875aa447093819ece9af0bdfec92b43921cb92bc657e1afc62230c1d18f9afe

Malware Config

Extracted

Family: dridex

Botnet: 40112

C2:

  • 107.172.227.10:443

  • 172.93.133.123:2303

  • 108.168.61.147:8172

rc4.plain
rc4.plain

Targets


    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing banking credentials.

    • Dridex Loader

      Detects the Dridex loader (x86 and x64) in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks