General

  • Target

    511fa4ebb0e5bf9294e4efe59a2dfc3f6d1a9517b8ea030d0d712792e913f10f

  • Size

    162KB

  • Sample

    210615-zp13hs1q72

  • MD5

    ddb794004767c3d6485d07b715f34b89

  • SHA1

    24858d0688f69d5d2e926a0fcdd1694198b12c63

  • SHA256

    511fa4ebb0e5bf9294e4efe59a2dfc3f6d1a9517b8ea030d0d712792e913f10f

  • SHA512

    0beea9d54ecc7e8168bc9d4f5773f0a84c6caca8aee4db7008a8eb0867457da15647bc7e4ae0172e45e426d6445e6c7a026ec4b54856443ad030cb3414171fdb

Malware Config

Extracted

  • Family

    dridex

  • Botnet

    40112

  • C2

    107.172.227.10:443

    172.93.133.123:2303

    108.168.61.147:8172

rc4.plain
rc4.plain

Targets

    • Target

      511fa4ebb0e5bf9294e4efe59a2dfc3f6d1a9517b8ea030d0d712792e913f10f

    • Size

      162KB

    • MD5

      ddb794004767c3d6485d07b715f34b89

    • SHA1

      24858d0688f69d5d2e926a0fcdd1694198b12c63

    • SHA256

      511fa4ebb0e5bf9294e4efe59a2dfc3f6d1a9517b8ea030d0d712792e913f10f

    • SHA512

      0beea9d54ecc7e8168bc9d4f5773f0a84c6caca8aee4db7008a8eb0867457da15647bc7e4ae0172e45e426d6445e6c7a026ec4b54856443ad030cb3414171fdb

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects both the x86 and x64 Dridex loader in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks