General

  • Target

    c3a053a04772acd7e10307c873c2e78dda19e36294837bf3c572997196ed7ba1

  • Size

    158KB

  • Sample

    210620-fzj1xe6znx

  • MD5

    56a60117bc60fc83299fc0d274a8ff7b

  • SHA1

    c4cfb83ac106c3235e3dc9c9f8296aef4be3d2e6

  • SHA256

    c3a053a04772acd7e10307c873c2e78dda19e36294837bf3c572997196ed7ba1

  • SHA512

    ed90066fd92d3853f83fb5e3f4375321718da318e0064169860dd348d2a3ef7db61ef5a7e63286229119cbd56be6b78f02c0aa46a4c3e42992a373f3c9ab6fd6

Malware Config

Extracted

Family

dridex

Botnet

40111

C2

8.210.53.215:443

72.249.22.245:2303

188.40.137.206:8172

rc4.plain

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects both the x86 and x64 Dridex loaders in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks