General

  • Target

    04cf70ac18a83d277f4fbbd402925182a269fcd4c359862a0d3c86d332e7dafd

  • Size

    158KB

  • Sample

    210615-ad5d8h7e9j

  • MD5

    bad9e09749905c1ed08fb04e32ac56bc

  • SHA1

    e6653f7d2bb3b9f9ebfede7ca5ef4570bfb17a5b

  • SHA256

    04cf70ac18a83d277f4fbbd402925182a269fcd4c359862a0d3c86d332e7dafd

  • SHA512

    06af46807436a8744e9c60ff295b4ee33c520fe67f36b3fcc04780ff858465f913d73afea9ea5282ec7e4246fc4be5deb23ff0a8beef1f42cdba2b23bd7ec2be

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

8.210.53.215:443

72.249.22.245:2303

188.40.137.206:8172

rc4.plain
rc4.plain

Targets

    • Target

      04cf70ac18a83d277f4fbbd402925182a269fcd4c359862a0d3c86d332e7dafd

    • Size

      158KB

    • MD5

      bad9e09749905c1ed08fb04e32ac56bc

    • SHA1

      e6653f7d2bb3b9f9ebfede7ca5ef4570bfb17a5b

    • SHA256

      04cf70ac18a83d277f4fbbd402925182a269fcd4c359862a0d3c86d332e7dafd

    • SHA512

      06af46807436a8744e9c60ff295b4ee33c520fe67f36b3fcc04780ff858465f913d73afea9ea5282ec7e4246fc4be5deb23ff0a8beef1f42cdba2b23bd7ec2be

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing online banking credentials.

    • Dridex Loader

      Detects the Dridex loader, both the x86 and the x64 build, in memory.

    • Checks whether UAC is enabled
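
The extracted C2 endpoints and the UAC-status check above can be turned directly into a log-scanning rule. The following is an added example, not part of the report or of any sandbox tooling: it matches the three C2 `ip:port` pairs from the config against firewall lines, and flags a process reading the `EnableLUA` value under `Policies\System`. The registry key is an assumption about what the "Checks whether UAC is enabled" signature corresponds to (the report does not name the key), and every log line scanned is constructed for the example, not captured traffic.

```python
import re

# C2 endpoints taken from the extracted Dridex config above (botnet 40112).
# Port is part of the indicator: 72.249.22.245 on 80/443 is not in the config.
C2_ENDPOINTS = {
    ("8.210.53.215", 443),
    ("72.249.22.245", 2303),
    ("188.40.137.206", 8172),
}

# Assumption: the "Checks whether UAC is enabled" signature corresponds to a
# read of this value. The report does not name the key, so this is illustrative.
UAC_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
UAC_VALUE = "EnableLUA"

# Netfilter-style firewall line: "... SRC=a.b.c.d DST=e.f.g.h ... DPT=n ..."
FW_RE = re.compile(r"SRC=(?P<src>[\d.]+)\s+DST=(?P<dst>[\d.]+).*?\bDPT=(?P<dpt>\d+)")
# Constructed EDR registry-query line: "... image=<exe> ... key=<key> value=<name>"
REG_RE = re.compile(r"image=(?P<image>\S+).*?\bkey=(?P<key>\S+)\s+value=(?P<value>\S+)")


def scan_line(line):
    """Return (kind, detail) when the line matches an indicator, else None."""
    m = FW_RE.search(line)
    if m:
        dst = (m.group("dst"), int(m.group("dpt")))
        if dst in C2_ENDPOINTS:
            return ("c2_connection", f"{m.group('src')} -> {dst[0]}:{dst[1]}")
        return None
    m = REG_RE.search(line)
    if (
        m
        and m.group("key").lower() == UAC_KEY.lower()
        and m.group("value").lower() == UAC_VALUE.lower()
    ):
        return ("uac_check", m.group("image"))
    return None


def scan(lines):
    """Scan an iterable of log lines; return [(line_no, kind, detail), ...]."""
    hits = []
    for n, line in enumerate(lines, 1):
        hit = scan_line(line)
        if hit:
            hits.append((n, *hit))
    return hits


# Constructed sample log lines (not from the report or any real host).
SAMPLE_LOGS = [
    "Jun 15 10:01:02 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=8.210.53.215 PROTO=TCP SPT=49812 DPT=443",
    "Jun 15 10:01:05 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=142.250.74.46 PROTO=TCP SPT=49813 DPT=443",
    "Jun 15 10:01:09 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=72.249.22.245 PROTO=TCP SPT=49814 DPT=2303",
    "Jun 15 10:01:11 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=72.249.22.245 PROTO=TCP SPT=49815 DPT=80",
    "2021-06-15T10:01:12Z edr pid=3412 image=C:\\Users\\u\\AppData\\Local\\Temp\\sample.exe op=RegQueryValue "
    "key=HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System value=EnableLUA",
    "2021-06-15T10:01:13Z edr pid=912 image=C:\\Windows\\System32\\svchost.exe op=RegQueryValue "
    "key=HKLM\\SYSTEM\\CurrentControlSet\\Services\\W32Time value=Start",
]

if __name__ == "__main__":
    for n, kind, detail in scan(SAMPLE_LOGS):
        print(f"line {n}: {kind}: {detail}")
```

Matching on the full `ip:port` pair rather than the bare IP keeps the rule tight for the two shared-hosting addresses; if you want a broader hunt, drop the port from the set but expect more noise on 443.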

MITRE ATT&CK Enterprise v6

Tasks