General

  • Target

    8549c434999f1319b53ecbd72d80fb84eb612478abe9788a921a14e0f88960d1

  • Size

    162KB

  • Sample

    210615-lbz72s3nyn

  • MD5

    0bf9d0e309a3cf2d761b3950a15fdb67

  • SHA1

    bffcb778b5729444f8494ced60b797de4ce9557a

  • SHA256

    8549c434999f1319b53ecbd72d80fb84eb612478abe9788a921a14e0f88960d1

  • SHA512

    8b90a876e530ecd4aef20685322ee15f8d144669d5edcea3a83e5fb594093f965d7df370b21e0b5548b692e12949a7e83c439ec801f97ef322da985357a2d77c

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain

Targets

    • Target

      8549c434999f1319b53ecbd72d80fb84eb612478abe9788a921a14e0f88960d1

    • Size

      162KB

    • MD5

      0bf9d0e309a3cf2d761b3950a15fdb67

    • SHA1

      bffcb778b5729444f8494ced60b797de4ce9557a

    • SHA256

      8549c434999f1319b53ecbd72d80fb84eb612478abe9788a921a14e0f88960d1

    • SHA512

      8b90a876e530ecd4aef20685322ee15f8d144669d5edcea3a83e5fb594093f965d7df370b21e0b5548b692e12949a7e83c439ec801f97ef322da985357a2d77c

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing banking credentials.

    • Dridex Loader

      Detects the Dridex loader, both x86 and x64 variants, in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks