General

  • Target

    fcc2dc4cffad681122c1828f810eb7cc3f5a05a49f2538ee599e8a81dcf70c62

  • Size

    162KB

  • Sample

    210615-cxxab1hadj

  • MD5

    bb91f369ed223b8aec386a233a048105

  • SHA1

    e53c5bb9f6a169fb89ae4fd668d1db2a6b54675f

  • SHA256

    fcc2dc4cffad681122c1828f810eb7cc3f5a05a49f2538ee599e8a81dcf70c62

  • SHA512

    5baa9452dd33551b6c303b5e45e183a99bc7f67b139270b8158bbff495db0dbbbcc71cab96fa7ab4e07975cf92d7e62294ebe9cfd0625886d907e228edd6a0c1

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing banking credentials.

    • Dridex Loader

      Detects both the x86 and x64 Dridex loader in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks