General

  • Target

    21d55ae95916640dfaf5ad1e526bbc0739a3e4c6333386381d214c81aff5b557

  • Size

    162KB

  • Sample

    210615-x84pgag546

  • MD5

    c18057a0dc5bf4f0bdae91f74906f671

  • SHA1

    9b99fee4442f0ce2f321bfe23239a72809065c45

  • SHA256

    21d55ae95916640dfaf5ad1e526bbc0739a3e4c6333386381d214c81aff5b557

  • SHA512

    24d6085b2267c946cd5bb992dfc678674ad08fe175273c4d21171a89df32b4043397854bcf06e47368aca7ce165b54c69b02453caee92908925da1bd3f2f7cf4

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain

Targets

    • Target

      21d55ae95916640dfaf5ad1e526bbc0739a3e4c6333386381d214c81aff5b557

    • Size

      162KB

    • MD5

      c18057a0dc5bf4f0bdae91f74906f671

    • SHA1

      9b99fee4442f0ce2f321bfe23239a72809065c45

    • SHA256

      21d55ae95916640dfaf5ad1e526bbc0739a3e4c6333386381d214c81aff5b557

    • SHA512

      24d6085b2267c946cd5bb992dfc678674ad08fe175273c4d21171a89df32b4043397854bcf06e47368aca7ce165b54c69b02453caee92908925da1bd3f2f7cf4

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects both the x86 and x64 Dridex loader in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks