General

  • Target

    8d4dffe98ae01e1f16a86ab201c810cba8fdfdb0afdb06f942ba9024be186028

  • Size

    162KB

  • Sample

    210621-6xrcwl9fkj

  • MD5

    8742509b7890d1142e0dd17a13607b3e

  • SHA1

    4f5d43e0ad9fbb0311a1c058b638006344c88c82

  • SHA256

    8d4dffe98ae01e1f16a86ab201c810cba8fdfdb0afdb06f942ba9024be186028

  • SHA512

    6081cf9cc4c196c7997b1a6c92dec9821a9ac5351d325161fb20bd4091672becb35aa8d844a8db99a209dd2076d18cc380f3e70e7be57f2478a057785a0ac15d

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain

Targets

    • Target

      8d4dffe98ae01e1f16a86ab201c810cba8fdfdb0afdb06f942ba9024be186028

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing banking credentials.

    • Dridex Loader

      Detects the Dridex x86 and x64 loader in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks