General

  • Target

    676d91eda80a2824abd29f7647c444c8ff2dfaa63bc99bcc6944bd1d45ba7711

  • Size

    162KB

  • Sample

    210615-w4sb8pnb6j

  • MD5

    8d8ca0f8fe5f3aeb5d854e5061123263

  • SHA1

    43b2cc72a9db02c84a216e1d01513e1b150fedca

  • SHA256

    676d91eda80a2824abd29f7647c444c8ff2dfaa63bc99bcc6944bd1d45ba7711

  • SHA512

    d1c5aa76e02d810d3455dc4da823b6504cec51a3c2c98863e9a08f1945e475659da03e09c2c730a8e5a2022b828abe54ff01746def27477bfd517ddce79670e9

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain
rc4.plain
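
The extracted config above is directly actionable: the botnet ID and the three C2 endpoints can be turned into network indicators without waiting for the RC4 keys. The block below is an added example, not part of the sandbox report or the Dridex analysis tooling. It copies the C2 list and botnet ID from the report, parses them, checks a constructed set of connection-log lines (simplified conn-log layout, not real traffic) against them, and emits one Suricata rule per endpoint. The SID range is an arbitrary assumption; connections that reach a C2 IP on a different port are reported separately as a weaker indicator rather than silently dropped.

```python
"""Turn the Dridex config extracted above into IOC checks.

Added example (not from the sandbox report): the C2 list and botnet ID
are copied from the report; the connection-log lines are constructed.
"""
import ipaddress
import re
from dataclasses import dataclass

BOTNET_ID = 40112

# C2 endpoints exactly as extracted from the sample's config (ip:port).
C2_ENDPOINTS = [
    "107.172.227.10:443",
    "172.93.133.123:2303",
    "108.168.61.147:8172",
]


@dataclass(frozen=True)
class Endpoint:
    ip: str
    port: int


def parse_c2(entries):
    """Parse 'ip:port' strings into Endpoint objects, validating the IP."""
    out = []
    for entry in entries:
        host, _, port = entry.rpartition(":")
        ipaddress.ip_address(host)  # raises ValueError on garbage input
        out.append(Endpoint(host, int(port)))
    return out


C2 = parse_c2(C2_ENDPOINTS)
C2_EXACT = {(c.ip, c.port) for c in C2}
C2_IPS = {c.ip for c in C2}

# Constructed sample lines in a simplified conn-log shape:
# "<ts> <src_ip> <src_port> <dst_ip> <dst_port> <proto>"
SAMPLE_CONN_LOG = """\
1623775201.101 10.0.0.15 49712 107.172.227.10 443 tcp
1623775202.550 10.0.0.15 49713 93.184.216.34 443 tcp
1623775203.004 10.0.0.22 51120 172.93.133.123 2303 tcp
1623775204.770 10.0.0.22 51121 108.168.61.147 80 tcp
1623775205.118 10.0.0.31 55000 108.168.61.147 8172 tcp
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s+(\S+)$")


def match_connections(log_text):
    """Return (hits, partial): hits match a C2 ip+port exactly, partial
    match a C2 IP on some other port (weaker, but worth a look)."""
    hits, partial = [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of crashing the sweep
        ts, src, _sport, dst, dport, _proto = m.groups()
        if (dst, int(dport)) in C2_EXACT:
            hits.append((ts, src, dst, int(dport)))
        elif dst in C2_IPS:
            partial.append((ts, src, dst, int(dport)))
    return hits, partial


def suricata_rules(base_sid=9000000):
    """Emit one Suricata rule per C2 endpoint; base_sid is an assumed
    local SID range, adjust to your ruleset's allocation."""
    rules = []
    for i, c in enumerate(C2):
        rules.append(
            f"alert tcp $HOME_NET any -> {c.ip} {c.port} "
            f'(msg:"Dridex botnet {BOTNET_ID} C2 {c.ip}:{c.port}"; '
            f"flow:to_server; sid:{base_sid + i}; rev:1;)"
        )
    return rules


if __name__ == "__main__":
    hits, partial = match_connections(SAMPLE_CONN_LOG)
    for h in hits:
        print("C2 HIT", h)
    for p in partial:
        print("C2 IP on other port", p)
    print("\n".join(suricata_rules()))
```

Matching on the full ip:port pair keeps the rule tight, since two of the three endpoints use non-standard ports that a destination-IP-only rule would not distinguish from unrelated traffic to a shared host; the partial list exists so that a C2 host seen on another port is still surfaced for triage.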

Targets

    • Target

      676d91eda80a2824abd29f7647c444c8ff2dfaa63bc99bcc6944bd1d45ba7711

    • Size

      162KB

    • MD5

      8d8ca0f8fe5f3aeb5d854e5061123263

    • SHA1

      43b2cc72a9db02c84a216e1d01513e1b150fedca

    • SHA256

      676d91eda80a2824abd29f7647c444c8ff2dfaa63bc99bcc6944bd1d45ba7711

    • SHA512

      d1c5aa76e02d810d3455dc4da823b6504cec51a3c2c98863e9a08f1945e475659da03e09c2c730a8e5a2022b828abe54ff01746def27477bfd517ddce79670e9

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing online banking credentials.

    • Dridex Loader

      Detects the Dridex loader, both x86 and x64 builds, in memory.

    • Checks whether UAC is enabled (reads the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System)

MITRE ATT&CK Enterprise v6

Tasks